Solution

With deadlines set for its SOC 2 audit (driven by current audit periods ending), Davra began its SOC 2 journey. Having integrations directly with the Drata platform and AI-powered audit tools, Sensiba provided an audit experience that Glynn shared was, “seamless and nothing like we’ve experienced before.”

Having originally set out to complete one of the SOC 2 Trust Services Criteria, Sensiba discovered through the scoping phase that Davra could add another two without drastically increasing the workload. “Everything was relevant to us as a company, and nothing was neglected,” shared Glynn.

Once the audit was underway, Sensiba’s AI- powered audit technology and team of experienced professionals began working to complete the audit within the deadline. This was achieved, with Davra completing their current SOC 2 in a more seamless and efficient manner than they’d experienced in the past.

Solution

One area where CyberNinja went above and beyond was helping with Humanforce’s compliance automation tool, Vanta.

“CyberNinja managed that for us and provided a lot of governance. We can leverage Vanta for internal and external sharing and radiate the correct information when needed. We also have a complex environment with four different technology stacks. CyberNinja guides all of these.” Whilst combining four products into each audit was a massive undertaking, Bongiorno reflected on the process, commenting that “it was the right decision. It really drove economies of scale.”

Sensiba was able to provide unity and clarity to Humanforce, which allowed them to complete SOC 2 and ISO/IEC 27001 on the intended deadlines. Through their remote approach, clear scope, owners, and metrics that were set from the start, made the whole process ‘game changing’.

Swapnil Jain, Chief Security Advisor, CyberNinja, shared his thoughts on the audit experience. “To make any security and compliance program succeed, leadership commitment is non-negotiable. At Humanforce, the CEO backed it, tech leaders owned it, and HR, Finance and Legal leaned in, so controls weren’t ‘just tech and security’s problem’. Together, CyberNinja and Sensiba turned that alignment into outcomes. Across multiple projects, our partnership has been exceptional, helping our customers achieve and sustain frameworks like ISO/IEC 27001 and SOC 2. We’re grateful to Sensiba for the collaboration. We’re proud of the progress so far and are dedicated to making next year even more successful.”

Solution

To manage both audits efficiently, CropTrak divided its internal teams to focus its efforts. The finance and HR teams concentrated on SOC 1, while Zwirblia focused on SOC 2.

“We held weekly meetings where I would receive SOC 1 status updates, but Com-Sec worked directly with that team to complete those requirements. Similarly, the SOC 1 team didn’t need to be involved in all the technical details of the SOC 2 work. They just received project updates,” said Zwirblia.

As the external advisor, Com-Sec played a pivotal role in CropTrak’s audits. They reviewed the evidence, identified overlaps between the standards, consolidated requirements, and presented exactly what was needed to each team. This approach allowed CropTrak to provide the correct evidence from the start, rather than experiencing back-and-forth communications with multiple parties. Having a single point of contact ensured seamless communication between CropTrak and Com- Sec, and subsequently between Com-Sec and Sensiba.

Once the evidence collection process was completed, Sensiba was able to review relevant controls and address both standards simultaneously, all within the Drata platform. This streamlined process enabled CropTrak to achieve SOC 1 and SOC 2 compliance within its target timelines.

Solution

The onboarding process was made easy by the shared access to the Vanta platform. Sensiba also set up a Slack channel, which made it easier to communicate and reduced the risk of losing emails among the noise. “Overall, the onboarding process was smooth, frictionless, and fast,” Condus said.

Having gone through an Essential 8 audit meant Airtree already had the base requirements in place. This meant Sensiba was able to dive into each requirement and make sure it was applicable to Airtree.

With Sensiba’s expertise, Vanta integration, and real-time communication, Airtree experienced how a model audit should feel and obtained a complete audit ahead of the intended deadline.

Solution

Working with a tight deadline, Balcazar and the team knew a compliance automation platform was needed. Lido ultimately signed with Drata. Having an audit partner who understood Lido’s goals and timeline, and knew how to work within the Drata environment, was important.

From the first call, Sensiba stood out with their speed, transparency, and experience. “They were true partners,” Balcazar said. “We wanted someone who could guide us through our first SOC 2 audit with clarity and support, without slowing down our growth. Their fixed-fee structure and cloud-first approach also matched the way we work.”

The integration between Sensiba and Drata allowed Lido to experience a smooth and streamlined SOC 2 process. Drata’s automation reduced the manual effort required from Lido and made it easy for the Sensiba team to review the evidence. Weekly check-ins and calls from Sensiba kept Lido on track to complete SOC 2 within the deadline.

“Everything was great,” Balcazar said. “Sensiba are great communicators, they get on calls to help us understand tactical next steps, they are patient, and have a great and respected reputation. Just an awesome experience.

Solution

After first hearing about Vanta at a conference, Octopus Deploy’s CEO spoke with Jim Burger, the company’s Director of Information GRC, about using the platform on their compliance journey. Wanting to ensure they had all available information, the team looked at several different platforms, ultimately signing with Vanta.

After working with a traditional audit firm, Octopus Deploy started looking for an audit partner that could meet their agile requirements. “We practice agile delivery ourselves, and there had to be a better way to do this. Because we are a remote-first company, we needed something that was really agile alongside us,” Burger said.

After conducting a search looking for the terms ‘agile’ and ‘audit’ and speaking to Vanta, Sensiba stood out as the preferred audit partner. “I was overjoyed to see that it (Sensiba’s approach) would save us a lot of heartache and pain,” Burger said.

The power of Vanta’s automation, metrics, and dashboards meant that at a glance, the Octopus Deploy team knew where they stood. This was particularly helpful for app/user syncing and the ability to instantly know if something/someone had dropped out of compliance. There was no waiting or manual checking. Couple this with the ability to assign tasks to people directly in the platform, and Vanta proved to be a powerful compliance tool.

“Vanta really just takes the pain out of the ‘how am I going to establish the metrics/framework and address all the audit requirements?’ As a cloud-first, remote-first company, I can’t just go and look at a server rack; we rely on automation and tools that are done properly for these things. The vast array of Vanta integrations achieves this. Nearly everything is already in there.”

Solution

With the frameworks decided on, Bayzat set out to look for an audit firm that could complete both audits. After considering firms recommended by their compliance automation platform, Drata, and asking around their network, Bayzat was introduced to Sensiba, which stood out as the preferred auditor.

“What stood out for Sensiba was their use of AI that really streamlined the process. It’s very well structured and organized, and we like that. We also liked the monthly continuous model, where we continuously have an auditor so we can easily renew every year, and we don’t have this as an event but rather as a continuous process of compliance,” said Abdelrahman.

Solution

Initial assessments of TantoSec’s audit-readiness showed their policies and documents were housed in different external drives. This static process would make collecting evidence difficult.

With guidance from CyberNinja, TantoSec started using the compliance automation platform Vanta. This took their manual evidence collection and transformed it into an automated process with a clear roadmap. CyberNinja was instrumental in updating TantoSec’s procedures to make them compliant with the ISO/IEC 27001 standard. This meant less time creating things from scratch and instead improving what the team already knew. CyberNinja’s responsiveness and availability throughout the process made getting audit-ready a lot more straightforward than anticipated.

Once TantoSec was audit-ready, the prep work meant TantoSec’s evidence was ready to go in Vanta. This made it seamless for the Sensiba auditors, who are familiar with the platform, to jump in and start testing. Ultimately, this saw TantoSec achieve ISO/IEC 27001 according to their roadmap.

Solution

CloudHound discovered Sensiba through the Drata Auditor Directory, where their top-rated status immediately stood out. A few key differentiators made the decision to partner with them an easy one.

“Sensiba has the highest rating on the Drata Auditor Directory, and for good reason. I’ve had varying experiences with other third-party vendors, but this process was great. I asked if we could start the same day, and to my surprise, the team said yes. This aligned perfectly with the goals we had for achieving SOC 2, combining high-quality work with the speed of a startup,” Gill said.

Rather than waiting days for answers or dealing with the usual back-and-forth of an audit, CloudHound experienced Sensiba’s modern approach. Built on rapid communication and close collaboration, the process involved responding to questions as they came in with clear, actionable feedback.

“The excellent responsiveness, communication, and collaboration from Sensiba is how we were able to achieve SOC 2 within our deadlines,” Gill said.

Solution

To address these challenges, Qanooni partnered with Axipro, who took the lead in their ISO/IEC 27001 journey, along with Drata, an advanced automation platform for continuous compliance monitoring, and Sensiba as the lead auditors. Together, they provided comprehensive support, including:

♦ Implementation of technical controls – Axipro assessed Qanooni’s security posture and implemented the necessary controls.
♦ Evidence collection and documentation – Axipro ensured evidence was collected and maintained properly.
♦ Penetration testing and remediation – Axipro conducted a thorough penetration test, identified vulnerabilities, provided remediation recommendations, and performed a re-test to validate security improvements.
♦ Audit preparation and support – Axipro guided Qanooni through the audit process, ensuring they were well-prepared and confident going into their certification assessment.

Sensiba’s involvement included:

♦ Pre-audit transparency – Clear audit plans, timelines, and expectations aligned with Qanooni’s operational realities.
♦ Collaborative audit execution – Open, efficient communication with Qanooni and Axipro throughout the audit window.
♦ Insight-driven feedback – Pragmatic insights that improved security outcomes beyond certification.

By aligning with Axipro’s preparation and leveraging Drata’s automation, Sensiba facilitated a seamless audit with zero major non-conformities.

Solution

Having already gone through ISO/IEC 27001 and SOC 2 audits, Roux and the team understood the work required in “preparing for the audit, and that an external partner would be needed.” Although with a newer standard, the Nebuly team had to find a partner who already had experience in the space.

Enter Fairly AI. Fairly AI provides automated testing on AI products on dimensions like fairness, privacy, and security, and this is helpful to companies wanting to adopt responsible AI practices. “We moved earlier than most companies (Q4 2024), and there were not many companies working on ISO/IEC 42001 back then. When I researched, I could see Fairly AI shaped the space and had real experience,” said Roux.

Fairly AI’s role was instrumental in getting the Nebuly team not only audit-ready but implementing the findings from the ISO/IEC 42001 audit. “I’d like to praise Fairly AI, because they’ve been instrumental in making this happen. They have been very helpful in providing the structure on how to prepare for the ISO/IEC 42001 audit.”

Solution

Initial discussions in late November 2024 clarified that Pyne needed to obtain ISO/IEC 27001 certification by the end of January 2025 to meet a client deadline. Internal prioritization was not a concern for the Pyne team. However, as this was their first time going through the process, they lacked clarity on external timelines. While they were fully prepared to contribute all necessary efforts on their side, they required a reliable partner to plan and execute the process effectively.

Sensiba rose to this challenge and outlined a timeline from the kick-off to certification, helping reassure Pyne that this was achievable. From here, the kick-off call was held, and the audit process began.

While time zone challenges were an initial concern, Geugelin noted that they ultimately worked in their favor throughout the process. Pyne was able to upload evidence, have Sensiba review it overnight, and then come back the next day to review any queries. This also helped the team plan and prioritize the ISO/IEC 27001 audit and other priorities.

Solution

Leveraging a relationship with a Sensiba auditor, Cresta enlisted Sensiba’s assistance to conduct its ISO/IEC 42001 certification audit. Given the recent release of the standard and dynamic changes in the AI sector, Cresta wanted a firm that would take a collaborative approach to the engagement and that understood its risks and controls.

For instance, Kugler said Cresta wanted to work with an auditor that could help them understand what the standard requires and how their implementation reflects its guidance. Working with an audit team that offered AI experience also helped streamline the process.

“There’s a difference between companies where all they do is AI, like Cresta, and companies that are laying AI on top of their old-school processes,” says Kugler. “Sensiba’s understanding of AI enabled us to have easier conversations because they understood what we’re doing as a company and what our controls were designed to do.”

Solution

Traditionally, the SOC 2 process can be overwhelming. Throw in different time zones and a quick timeline, and this process can go from overwhelming to something that seems impossible. Not for FactorySense RFID, though.

Sensiba’s tech-enabled approach allowed FactorySense RFID to collaborate with an audit firm that understood their business, understood technology, and used technology throughout the audit process. The speed at which SOC 2 was achieved was a testament to the communication and professionalism of the Sensiba team and the way they integrated technology into their practices.

“To put it simply, Sensiba exceeded our expectations when it came to matching our intensity and achieving the goal. I loved their speed, their turnaround and the fact they knew how to communicate with us,” says Lober.

“We were dealing with different time zones, but this honestly worked well. During the European day, the Sensiba team would review evidence and provide clear feedback on any areas that needed attention. When we came online to start the day in the United States, we had a slight cross-over to collaborate if needed, and then we had the rest of the day to action what had been clearly outlined for us. Sensiba then came back online to finalize the relevant items,” Lober said.

What made the most difference to the team at FactorySense RFID was having an auditor who “understood that we needed some flexibility because our customers demanded a tighter security posture, we needed to tighten down in a slightly different way than a traditional software company. There was no resistance from the Sensiba team who really understood what we needed and adapted accordingly,” says Lober.

Solution

Sensiba’s AI-powered audit technology integrated directly with Drata, allowing for a seamless and efficient audit experience. By providing clear instructions on the different types of evidence and reducing the back and forth, the audit experience measured up (and exceeded) what Lleverage.ai expected from an audit firm.

Lleverage.ai was able to complete its SOC 2 audit alongside its ISO/IEC 27001 audit, achieving both nahead of schedule. This was possible due to the cross-over of the frameworks and the efficiency gained from doing both side-by-side rather than one after the other.

“From getting audit ready in Drata to assigning Sensiba, and then working through the evidence uploads and controls, it was quite a painless process, and I’m generally happy with it,” Kooy says.