Customer Stories / Opstream

From early vendor hurdles to efficient results: Opstream secures seamless SOC 2

Opstream revolutionizes the purchasing process for organizations through an intelligent intake and orchestration procurement platform. In order to gain customers’ trust in managing sensitive financial data, Opstream took a security-first approach from day one.

CHALLENGE

Technical expertise wasn’t enough

As CTO and Co-Founder at Opstream, Mor Cohen-Tal’s first priority was to build a product with a secure architecture that her customers could count on. Coming from the world of cloud architecture and cloud best practices, her technical knowledge was on point, but she soon realized that wasn’t the full picture. Opstream needed credible third-party evidence to demonstrate their security posture to prospective customers.

You can have the best technically secure solution, leveraging best practices with flying colors, but that’s not enough.
The business processes are just as much a part of running a secure operation as the technical aspects, and we needed the oversight and the proof to show for it.
Mor Cohen-Tal
CTO and Co-Founder
Opstream

Mor determined that Opstream needed a SOC 2 Type 2 audit. Knowing time was their biggest resource, they wanted to do it as efficiently as possible, and contracted a vendor to help manage the process. Unfortunately, the first vendor they chose didn’t deliver on that efficiency. A year into the process, Mor made the difficult decision to switch providers.

We were unhappy with the previous provider that we picked for many reasons, but most importantly, it was the auditor and the platform being separate.
We were engaging with the auditor on Slack, managing things in two places, and having to duplicate evidence collection to align between the two. There was so much potential to do things better and more effectively. That’s when we switched to Thoropass.
Mor Cohen-Tal
CTO and Co-Founder
Opstream

SOLUTION

Partner with Thoropass for a seamless end-to-end compliance and audit experience

With its holistic approach to security and compliance, a seamless platform, and hands-on support, Thoropass was the partner Opstream needed. Thoropass consolidated all aspects of the audit within its platform–from penetration testing to AWS connections to training. Best of all, Thoropass’s customer success and compliance experts kept Mor and her team on track.

Thoropass is one of the most responsive vendors I’ve ever worked with. Going through an audit is not easy, no matter what system you have–it gives you a little bit of heartburn.
But our Customer Success Manager kept me on track in the nicest possible way, facilitating everything, and making sure I didn’t drop any balls. He took the angst out of this entire process.
Mor Cohen-Tal
CTO and Co-Founder
Opstream

RESULTS

Peace of mind and enhanced sales processes

Opstream passed their SOC 2 audit, giving Mor and her customers confidence in Opstream’s security stance.

You can’t put a price tag on knowing that you’re not going to wake up to a big security incident.
We’re going to be alerted, we’re going to be notified, and we’ll be able to react quickly. That piece of mind is the biggest impact, both for us and our customers.
Mor Cohen-Tal
CTO and Co-Founder
Opstream

Those assurances have helped streamline Opstream’s sales process. When security questions arise, information security teams can easily review the reports in Thoropass and overcome that objection in seconds.

FUTURE

An expanded view of compliance

Opstream continues to put security first, pursuing additional standards to meet customer demand like HIPAA and AI regulation. With Thoropass as a partner, Mor has expanded her view of compliance from a checkbox to a critical piece of her company’s brand.

There are certain things in life you just have to pass. And I viewed compliance as one of those things. But as part of this journey, I learned that is not the case. Security reports are part of what prospects and customers see.
It’s a way for customers to look behind the curtain. When they do, I want them to see that we appreciate that they trust us to safeguard their data, it is our responsibility, we take it seriously, and we’re not waving our hands just to check a box.
Mor Cohen-Tal
CTO and Co-Founder
Opstream

Partnership lightens the load: AWS

To build a truly comprehensive compliance program, it takes a village. Several solutions played a role in Opstream’s compliance journey, all from AWS. These include services like:

EC2
Elastic Beanstalk
Aurora
S3
DynamoDB
Lambda
ALB
WAF
VPN
Cloudwatch
Cloudtrail
Security Groups

The AWS Thoropass integration helps Opstream ensure that their systems are adhering to the best in class security standards on an ongoing basis. This not only helps them uphold their promise to customers, it reduces the need for periodical manual reviews which are both time consuming and insufficient.

Opstream

Find your comprehensive compliance partner in Thoropass

Talk with one of our experts to build your custom path to compliance and take advantage of Thoropass’s thoughtful automation, expert guidance, and security audit experience.

Talk to an Expert

Featured Partner

AWS

Product

SOC 2,

Industry

B2B Software, Procurement

Company size

11-50

Location

United States