
GitClear gets ISO 27001 and SOC 2 certified in 6 months, increases lead generation, and improves customer trust

GitClear is a development analytics tool that uses empirically proven, code-level metrics to help development teams understand their bottlenecks, alert managers to areas for improvement, provide developers with tools that dramatically speed up their code review process, and give CTOs a high-level understanding of their company’s strengths and weaknesses.


CHALLENGE

Lengthy security questionnaires were hampering efficiency

Efficiency is the name of the game at GitClear, but Matthew Kloster, Director of Engineering, found himself spending increasing amounts of time responding to lengthy security questionnaires. His team had some security policies documented, and had completed a NIST Cyber Health Check in the past, but customers were often asking about SOC 2 and ISO 27001. To streamline due diligence and stand out from competitors, Matthew and his team decided to pursue certification.

However, they knew they needed a compliance partner to guide them.

Compliance is such a heavyweight thing to learn, so we wanted to make sure that we were doing it right. The idea of spending all the time and effort and not having a successful certification was horrifying.

Matthew Kloster

Director of Engineering

GitClear

Matthew and his team evaluated several vendors and were unsatisfied with the first solution they tried. They found that other vendors relied on automated AWS integrations, but because GitClear is not primarily AWS-based, they needed a vendor that understood their holistic compliance needs and could provide a more prescriptive approach tailored to their business.

SOLUTION

Thoropass offered a tailored approach to ISO 27001, SOC 2, and pentesting

With an easy-to-use platform to drive the process, expert support to walk them through the frameworks as first-timers, and all-in-one preparation and audit services, Thoropass gave the GitClear team confidence to move forward with ISO 27001 and SOC 2.

During their initial implementation, Thoropass’ Customer Success Manager (CSM) helped Matthew’s team transfer evidence from their previous platform into Thoropass while upgrading to the latest ISO 27001 version.

Matthew explained, “our CSM was able to get a decent amount of evidence transferred over, which saved us a lot of time. Thoropass provided helpful information security policy templates that we customized to our specific needs.”

Before starting the compliance process, Matthew worried that the new policies would slow down his team’s work. With their CSM’s help, however, he was able to document and largely keep their existing processes while still meeting both the ISO 27001 and SOC 2 frameworks. Thoropass also added transparency, helping Matthew justify the necessary security steps to GitClear’s leadership team.

Despite having a small team, Matthew found the process manageable. He valued the regular check-ins and timely responses from the CSM, which helped him stay on track.

“I’d ping our CSM on Slack or email her, and most of the time got a response within an hour. The consistent turnaround time was very impressive and instrumental to our success,” shared Matthew.

One of Matthew’s favorite platform features was the vendor and asset management tooling, where he could record physical and non-physical assets along with their associated risks. He also appreciated the built-in security awareness training.

The integrated audit experience kept the process moving. During their SOC 2 observation period, Thoropass helped Matthew keep the necessary evidence on-hand and accessible.

The in-tool audit experience was a massive benefit. I could just log in, answer the open evidence requests, and I knew that I had checked off everything I needed to keep the audit process going.

Matthew Kloster

GitClear

Matthew also used Thoropass’ penetration testing service to test and certify their web application. Thoropass scoped a pentest aligned to OWASP standards that fit GitClear’s use case, following a typical user flow through the application, and it highlighted some unexpected areas for improvement. The final report was detailed enough to satisfy customers’ due-diligence requests without revealing proprietary information.

RESULTS

Improved customer trust and lead generation

The GitClear team achieved both their SOC 2 attestation and ISO 27001 certification within their target timeline of 4-6 months. Customers now have increased trust in their security practices.

The first thing we do with our customers is request access to their code repositories. Having these certifications definitely helps them to feel confident in making that step.

Matthew Kloster

GitClear

The certifications have also been a strong marketing tool, differentiating GitClear from the competition. Since adding the compliance badges to their website, GitClear’s click-through rate to their free trial increased from roughly 2% to 5%, raising inbound lead flow and overall opportunity generation. The certifications also unlocked potential market opportunities such as inclusion in app marketplaces.

LOOKING AHEAD

With SOC 2 and ISO 27001 in hand, additional frameworks are now within reach

For Matthew, working with Thoropass made compliance much less intimidating. Rather than the massive undertaking he had imagined, he found that compliance is really an aggregation of small steps. With ISO 27001 and SOC 2 complete, Matthew is confident they could expand to other frameworks in the future.

Each small step contributes to an overall larger picture about your company. If you can do all of the smaller things bit by bit, you’re going to get there. Compliance is within reach, even for small teams.

Matthew Kloster

GitClear


Find your comprehensive compliance partner in Thoropass

Talk with one of our experts to build your custom path to compliance and take advantage of Thoropass’s thoughtful automation, expert guidance, and security audit experience.


Location: Seattle