June 18, 2022

It's a myth that becoming SOC2 compliant hinders product development

Author
Sudheer Bandaru

These past few months, Insightly’s engineering team has been focusing on building user-focused features to dramatically improve the customer experience with the product, while simultaneously getting security compliant. Primarily, our focus was on 3 fronts:

  • JIRA Integration: With the launch of this integration, we are now able to get an epic-level breakdown into every sprint. This dashboard can show you the effort developers spend building new features vs. fixing bugs. You can also use this integrated dashboard to align engineering outcomes with business goals.

  • Cockpit: This dashboard is aimed at giving senior leadership a pilot’s view into all teams at a squad/cohort level, so even when flying on auto-pilot, all alerts, warnings and commands are at their fingertips. We believe measuring engineering efficiency isn’t uni-dimensional and improving in one area shouldn’t negatively impact other areas. This helps CTOs/Engineering Heads get a comprehensive overview of overall throughput, speed, and quality of releases in a single place.

  • Compliance: While this was ongoing on the product side, we were aware of how important it is to have the highest level of trust and transparency in cloud service providers' operations, methods, and results as we often work with outside partners. To showcase this trust, transparency, and credibility to our customers, we preemptively decided to get audited for SOC 2, while also maintaining the efficiency and pace of product development.

Insightly Analytics Celebrates Becoming SOC 2 Compliant

The SOC 2 standard specifies how companies should handle client data across 5 key Trust Services Criteria (TSCs) - Security, Availability, Processing Integrity, Confidentiality, and Privacy. 

The SOC 2 report gives customers, regulators, business partners, and suppliers critical information about how an organization manages its data. Getting the right kind of security for our data was an imperative question that we found ourselves caught in. At the same time, being a B2B SaaS company, we couldn’t compromise on the pace of our product development. Development of a user-friendly product to help our customers build high-performing engineering teams, equipped with efficient and seamless processes, is the cornerstone of our mission at Insightly. To ensure that our product and engineering teams are not bottlenecked due to SOC 2 audit requirements, we decided to not approach a SOC 2 auditor directly.

Instead, we chose to partner with Scrut Automation, a compliance automation platform that acted as a true partner in establishing the right info-sec posture and helped us in accelerating our SOC 2 audit. Being SOC 2 compliant helps us to showcase to our ecosystem of customers, partners, and employees that we take information security seriously, building a sense of reliability. It also helped us establish key controls for securing our systems and processes that manage our users’ data.

We recognize that completing the SOC 2 audit was a step in the right direction; one that enables us to successfully represent credibility and reliability to our future clients, partners, and stakeholders. We continue to uphold this promise and will fortify our information security by establishing stronger controls, and getting compliant with ISO 27001 and GDPR.

Written by
Sudheer Bandaru
Founder, CEO

Sudheer started as a software developer in Silicon Valley and worked at startups and large corporations like Merrill Lynch, AT&T, and Hewlett Packard. Sudheer got into engineering leadership roles at startups that went IPO, led multiple M&As in the US, and managed remote global teams. During his career, there were many instances where he felt that a lack of data-driven culture for continuous improvement of processes led to poor gut-based decisions and costly mistakes. This problem led him to start Hivel, which helps engineering teams continuously improve via access to critical metrics using interactive dashboards and actionable insights.
