Case Study

Cinchy’s Compliance Journey: SOC 2 Type 2 and ISO 27001 audit

Laika

Cinchy builds data-centric solutions that make integration obsolete. By fundamentally changing the way data works, Cinchy eliminates countless copies of data and restores data access control. 

With on-demand guidance from Laika’s compliance architects, Cinchy received an ISO 27001 and SOC 2 Type 2 report. We spoke with Saskia Bec, Information Security Analyst at Cinchy, about how seamless their experience was with Laika. 

How It Started

Cinchy’s data fabric platform allows businesses to collaborate in real time, sharing controlled access to original sources. When a change is made, that change is seen instantly across every platform.

With data at the heart of their application, Cinchy needed a dedicated security team to help promote a new era of collaboration and data exchange among devices, applications, and people. 

“As a technology company, security is very important to us. Even at our stage, being a startup, it was important that we prioritized getting certified. We wanted to let our customers know that we’re taking those extra steps to protect their data.”

Leading with a security-first mentality, Cinchy prioritized finding a partner that would guide them on their compliance journey. They realized that finding and working with a team that could navigate the landscape and ensure successful implementation of their security goals made the difference.

“We needed a team that would help us get our reports, choose an auditor, and get us through the audit process. When we first started looking, we looked at who would help us get our reports in the most time-efficient way possible while still ensuring quality work. Without Laika, achieving these reports definitely would’ve been harder.” 

Audit Preparation & Readiness

While SOC 2 and ISO 27001 controls often overlap, the frameworks differ in scope. To become SOC 2 compliant, businesses need to choose particular controls that are tested against the chosen trust services criteria. ISO 27001, on the other hand, is more prescriptive and defines 114 controls that deal with physical, technical, legal, and organizational security.

Cinchy began building their compliance posture with ISO 27001. Laika’s team of compliance architects conducted a gap analysis to create a prioritized task list. After classifying data and building network architecture diagrams, Laika’s compliance experts crafted a customized task list that provided a clear path to certification.

Because controls for ISO 27001 and SOC 2 are similar, Cinchy streamlined the entire SOC 2 process. Laika Playbooks automatically mapped their controls to SOC 2 Type 2, which tested against the security and availability criteria. Cinchy’s team of compliance experts conducted risk assessments before both audits to ensure a seamless audit process.

Laika Framework Agnostic Features 

Cinchy leveraged different Laika features to breeze through their ISO 27001 and SOC 2 process, including Compliance Architects and Playbooks.

Compliance Architects

Cinchy leveraged a dedicated team of compliance architects every step of the way. Laika’s experts conducted gap and risk assessments, crafted a tailored task list to achieve both ISO 27001 and SOC 2 audits, powered through the audit, and answered customer security questions. 

“That extra piece of advice, guidance, and communication throughout the entire process was beneficial. Laika’s compliance architects helped us so much, especially during the audit process. From our side, we had never gone through an audit before, so having someone to field any questions the auditor had was really helpful.”

Playbooks

Cinchy used Laika Playbooks to move through ISO 27001, followed by SOC 2 Type 2. Playbooks guided Cinchy through a step-by-step task list and helped implement all the best practices. Because ISO 27001 and SOC 2 overlap, Laika’s Playbooks applied ISO 27001 controls to SOC 2, cutting the time required to implement both by 75%.

“The Playbooks tab was a really clear way of seeing all our big objectives and tasks. It helped me understand the bigger picture and what exact documents we needed to upload as evidence. That was a really helpful piece of Laika.”

Audit Process

The audit process for Cinchy’s ISO 27001 certification was broken into two steps: a readiness assessment and a formal compliance audit. The Laika team completed the initial readiness assessment required for ISO 27001, so Cinchy did not need to hire an additional outside resource.

Cinchy’s formal ISO 27001 compliance audit was completed in four weeks with minimal remediation during a two-week period.

After the thorough ISO 27001 audit process, Cinchy’s SOC 2 audit was completed in two weeks. Their Type 2 audit tested their controls in operation over the course of a 6-month period. During both audit processes, the Laika team handled the day-to-day and acted as the first point of contact.

What’s Next?

While the audits were the latest milestone in their compliance roadmap, Cinchy’s promise to ensure security doesn’t stop there. Their dedication to maintaining a secure compliance posture and scaling it as they grow reflects their commitment to empowering data independence.

“Congratulations to the Cinchy team for receiving their SOC 2 and ISO 27001 report! Cinchy’s core values of data centricity and autonomous data translate directly into their commitment to keeping their customers’ information safe and secure. The team’s dedication to going above and beyond is a testament to the accountability, responsibility, and integrity of their business operations. I look forward to working with them closely in the future.”

Amalia Simpson, Customer Success Manager at Laika
