Combining SOC 2 and ISO/IEC 27001 for a streamlined compliance journey

How Weel harnessed the power of multi-standard audits with Sensiba and Vanta to achieve SOC 2 and ISO.

Weel is the leading AI-powered Australia and New Zealand expense management platform, trusted by over 4,000 businesses from startups to enterprises. With virtual corporate cards, automated approvals, and real-time visibility, Weel gives finance teams everything they need to be expense complete before month-end even starts.

  • SOC 2
  • ISO/IEC 27001

Challenge

Weel has always viewed information security as critical, but being able to demonstrate its commitment to customers in an easily accessible way was important. Couple this with their goals of serving larger and global clients, who often require compliance as a prerequisite or due diligence, and the team quickly discovered that SOC 2 and ISO/IEC 27001 compliance met the business needs.

When evaluating both frameworks, Damon Hauenstein, CFO and COO at Weel, noted the vast overlap between them and made the call to pursue both at once. “It was a great way to take advantage of the momentum while it was there, so we went end-to-end and got both major certifications completed. The unique things in each framework ultimately meant we ended up with a more comprehensive program,” said Hauenstein.

“Sensiba and Vanta were excellent partners in their own right, but particularly the way the two worked together was super powerful. For us, it made it a more enjoyable experience. Sensiba took the time to understand our business and what we were trying to achieve.”

Damon HauensteinCFO and COO, Weel
Weel

Solution

With a plan in place, Hauenstein led the search for platforms to support the process. After leveraging local networks and conducting research, he selected Vanta. Hauenstein explained, “We wanted a company with similar values, in a fast-growing, scale-up phase. Vanta offered the most compelling, innovative solution.”

When it came time to engage an external audit firm, Hauenstein was introduced to Sensiba. “We seek partners who share our goals: modern, collaborative, customer-focused, and commercial. The strong alignment in values and Sensiba’s close partnership with Vanta revealed substantial synergy between their audit approach and our preparation. This ultimately led us to sign with Sensiba,” said Hauenstein.

As a Chartered Accountant who spent over a decade in investment banking before joining Weel, Hauenstein anticipated how the audit would unfold. With Sensiba’s integration with Vanta, he described the process as more “streamlined and structured.”

“There were only a handful of things required outside of the evidence in Vanta, and the processes in place from Sensiba to cover these were fantastic. There was great alignment between Sensiba and Vanta, and as a customer, it was quite a seamless exercise to go through,” said Hauenstein.

Result

With seamless platform integration and a proactive approach, Weel completed its SOC 2 and ISO/IEC 27001 audits on time. As a result, Weel has already seen improved security compliance, increased customer trust, and smoother internal processes across multiple areas of the business:

  • Culturally, everyone at Weel is on the same page about how compliance fits into company goals. Everyone agrees that growth and compliance go hand-in-hand.
  • Compliance has shortened security reviews and made it easier for customers to assess Weel during the buying process. Covering both SOC 2 and ISO/IEC 27001 sets Weel up for international expansion.
  • Operationally, compliance brought consistency to Weel by establishing repeatable processes.

For those looking to start their compliance journey, Hauenstein shared the following insights: “I look back on it and say what we did was good practice, common sense. Having clear ownership and sponsorship of it in the organization meant we were able to narrow our focus and get it finished. And having the right platform and partner makes it seamless. Compliance should be a continuous discipline, rather than just a one-time thing, and Sensiba and Vanta make this possible.”

Ready to get started?

Find out how our GRC team can help you with your compliance. Contact us to learn more about how we can work together toward your goals.

Ready for more inspiration? Dive into additional client success stories where we showcase diverse projects, innovative solutions, and the transformative impact we’ve had on businesses like yours.