Octopus Deploy Achieves Multi-Standard Compliance

How a software development company streamlined compliance activities using Vanta and Sensiba.

Australian-born software company Octopus Deploy is on a mission to take the panic out of software deployments. Their platform helps developers and companies consistently deploy software features into environments, making it a repeatable and calm process.

  • ISO/IEC 27001
  • SOC 2

Challenge

With the goal to move into the global enterprise space, Octopus Deploy began looking at the requirements of enterprises in Europe and the United States. This involved different compliance standards, and evaluating which ones were considered world-class to these enterprises. It was quickly discovered that ISO/IEC 27001 in Europe and SOC 2 in the United States were going to be key for Octopus Deploy to win clients in each region.

When looking at each framework and the individual requirements, it became apparent there was a lot of overlap between the standards. This resulted in Octopus Deploy’s decision to complete both frameworks. They started with ISO/IEC 27001 and laid SOC 2 over that, with a few additional controls.

With their plan in place, Octopus Deploy started looking for audit firms and the most efficient way to achieve their goal.

“I love the flexibility of Sensiba. The entire team carries the mentality of ‘let’s set the audit over an entire window, but at various points in time, we can shift that window if needed.’ An example of this is that we recently acquired a new company and needed more time to get them onboarded, and that flexibility really helped us. The personalized service Sensiba brings to the table is very nice, and having people in our time zone and supporting local is a huge benefit.”

Jim Burger, Director of Information GRC, Octopus Deploy

Solution

After first hearing about Vanta at a conference, Octopus Deploy’s CEO spoke with Jim Burger, the company’s Director of Information GRC, about using the platform on their compliance journey. Wanting to ensure they had all available information, the team looked at several different platforms, ultimately signing with Vanta.

After working with a traditional audit firm, Octopus Deploy started looking for an audit partner that could meet their agile requirements. “We practice agile delivery ourselves, and there had to be a better way to do this. Because we are a remote-first company, we needed something that was really agile alongside us,” Burger said.

After conducting a search looking for the terms ‘agile’ and ‘audit’ and speaking to Vanta, Sensiba stood out as the preferred audit partner. “I was overjoyed to see that it (Sensiba’s approach) would save us a lot of heartache and pain,” Burger said.

The power of Vanta’s automation, metrics, and dashboards meant that at a glance, the Octopus Deploy team knew where they stood. This was particularly helpful for app/user syncing and the ability to instantly know if something/someone had dropped out of compliance. There was no waiting or manual checking. Couple this with the ability to assign tasks to people directly in the platform, and Vanta proved to be a powerful compliance tool.

“Vanta really just takes the pain out of the ‘how am I going to establish the metrics/framework and address all the audit requirements?’ As a cloud-first, remote-first company, I can’t just go and look at a server rack; we rely on automation and tools that are done properly for these things. The vast array of Vanta integrations achieves this. Nearly everything is already in there.”

Result

Working with a team that could provide agile audits was important to Octopus Deploy, which needed an audit firm that could keep up with them as a cloud-first, remote-first business. While there was a deadline to work toward, Octopus Deploy didn’t know when they would be completely ‘audit ready’, and the flexibility and onboarding into the framework that Sensiba provided around this was immensely beneficial.

For Octopus Deploy, compliance was not another box-ticking exercise but rather an opportunity for a fresh perspective on a hard problem. In achieving compliance, they have not only bettered their systems but can reassure clients that their product is secure.

Octopus Deploy has continued to open doors in the enterprise space and ultimately increase its bottom line. From an internal perspective, the team now considers and uses compliance best practices for decision-making.
