Overview
CropTrak partners with agricultural and food companies, from seed genetics and growers to harvesters and food companies, to define, document, and manage their entire supply chain digitally. CropTrak’s platform, created to meet the needs of the food and agriculture industry, enhances supply chain integrity and resilience and enables digital contracts and payments for growers with sustainability data capture, verification, and reporting.
Services Provided
- SOC 1
- SOC 2
Challenge
Working with some of the world’s leading agricultural and food companies, CropTrak requires a standard level of security and privacy. This need, combined with CropTrak’s internal commitment and values, drove its SOC 1 and 2 attestation initiatives.
Having experience with audits, Tommy Zwirblia, Chief Technology Officer, knew the work involved and wanted to reduce the manual processes needed to complete both audits efficiently. This is where compliance automation platform Drata, embedded security provider Com-Sec, and Sensiba came in. “Com-Sec really put me at ease with how the process would unfold, what they would handle, and their overall business model. Knowing we would pay a fixed amount and Com-Sec would guide us through the audit was reassuring,” Zwirblia said.
When selecting an audit firm, Zwirblia wanted a partner who would provide guidance throughout the process.
“What stood out to me was Sensiba’s continuous audit model. You weren’t just purchasing an audit but rather partnering with a team of experienced professionals who were there at every stage of the process.”
Tommy ZwirbliaChief Technology Officer, CropTrak
Solution
To manage both audits efficiently, CropTrak divided its internal teams to focus its efforts. The finance and HR teams concentrated on SOC 1, while Zwirblia focused on SOC 2.
“We held weekly meetings where I would receive SOC 1 status updates, but Com-Sec worked directly with that team to complete those requirements. Similarly, the SOC 1 team didn’t need to be involved in all the technical details of the SOC 2 work. They just received project updates,” said Zwirblia.
As the external advisor, Com-Sec played a pivotal role in CropTrak’s audits. They reviewed the evidence, identified overlaps between the standards, consolidated requirements, and presented exactly what was needed to each team. This approach allowed CropTrak to provide the correct evidence from the start, rather than experiencing back-and-forth communications with multiple parties. Having a single point of contact ensured seamless communication between CropTrak and Com- Sec, and subsequently between Com-Sec and Sensiba.
Once the evidence collection process was completed, Sensiba was able to review relevant controls and address both standards simultaneously, all within the Drata platform. This streamlined process enabled CropTrak to achieve SOC 1 and SOC 2 compliance within its target timelines.
Result
Following this successful audit process, CropTrak has been very satisfied with its control audits and continuous improvement process. CropTrak has engaged Com-Sec as its ongoing vCISO to maintain internal systems and streamline what was previously managed across multiple vendors. They have also partnered with Sensiba as their continuous audit provider.
Zwirblia shared his recommendations for others navigating their compliance journey: “The earlier you begin compliance initiatives, the more manageable they become. It’s optimal to establish policies and procedures from the outset, rather than scrambling to implement them for audit purposes.”
“We’ve worked with many different auditors, and it’s been a pleasure working with Sensiba; they make the process smooth.”
Farbod FakhraiCEO, Com-Sec
Ready to get started?
Find out how our GRC team can help you with your compliance. Contact us to learn more about how we can work together toward your goals.
Case Studies
Ready for more inspiration? Dive into additional client success stories where we showcase diverse projects, innovative solutions, and the transformative impact we’ve had on businesses like yours.
