Overview
Culture Amp is a global leader in employee experience, changing the way over 25 million employees across 6,500 companies experience the world of work.
Service Provided
- SOC 2
Challenge
Finding an ideal audit partner who understood SOC 2 controls and could offer a “continuous compliance” approach was key to meeting the requirements of SOC 2.
Experiencing significant growth, and entering the transition phase from startup to scaleup, Culture Amp kicked off their SOC 2 journey by obtaining an audit report from a traditional audit firm. This gave them some insight into the controls they would need to focus on, but didn’t take into account the different ways a SaaS company approaches its ways of working.
Culture Amp then sought out an audit partner that could help them conduct a SOC 2 audit in an agile way, with flexibility to match their ways of working, and where they could embed ‘compliance by design’ to meet SOC 2 obligations.
There was widespread agreement that this would make the whole initiative achievable within an acceptable time frame. With an executive and organization focused on achieving these goals, the search for an agile audit partner began.
Solution
Culture Amp realized the power of partnership with a fit-for-purpose audit firm built to cater to fast-growing technology companies with global operations and ambitions.
Sensiba took the time to understand Culture Amp’s ways of working and explained how their agile and technology-led auditing approach would be customized to suit it.
Culture Amp was provided with a clear map of the journey ahead from the start. By completing Sensiba’s Readiness Assessment as their first step, Culture Amp was able to clearly see where their current controls and processes met the SOC 2 standard and where they had gaps.
Throughout the process, Culture Amp felt supported and well informed. With the guidance of their lead auditor Michael Precious and his team, they were able to understand the intent behind each control.
As they worked toward their SOC 2 Type 1, Culture Amp was able to implement timely improvements as a result of Sensiba’s responsiveness and constant feedback loops. At times, they even received video explanations of complicated queries that they could share with wider teams in their organization.
Sensiba exceeded all stakeholder expectations and helped the SOC 2 project team guide the rest of Culture Amp on the importance of SOC 2 to their business and customers.
Result
Through effective collaboration with an audit partner just as agile and communicative as Culture Amp itself, the partnership helped Culture Amp to not only meet the requirements of SOC 2, but do so in a way that aligned to their ways of working.
As a result, Culture Amp not only achieved SOC 2 Type 1 compliance, but they completed it earlier than their intended deadline.
After achieving their SOC 2 Type 1 and experiencing the Sensiba difference, Culture Amp felt confident enough to not only continue on with SOC 2 Type 2, but also engage Sensiba to support them with achieving an additional layer of compliance through a GDPR audit.
Culture Amp was able to complete GDPR in addition to their pre-planned SOC 2 Type 2 audit with ease and receive an efficiency gain, thanks to Sensiba’s blended audit approach. In it, any overlap between standards is removed, allowing Culture Amp to undertake a single audit (as planned) but emerge with multi-standard compliance.
With this added level of security compliance, Culture Amp would no longer just be meeting the minimum standards of their clients’ due diligence, but exceeding them and, with that, standing out against their competitors.