Case Study

Prime 8 Consulting Turns to Hyperproof to Maintain Continuously Compliant Posture 

Prime 8 Consulting


Microsoft SSPA



Founded in 2006, Bellevue-based Prime 8 Consulting develops and executes innovative business strategies to help companies succeed, with clients ranging from small businesses to multinational corporations across a diverse set of industries. Prime 8 is a preferred consulting firm to Fortune 50 technology, communications, and healthcare companies in the greater Seattle area and beyond. In 2020, the company was recognized for the sixth time as one of the “100 Best Companies to Work For” by Seattle Business Magazine.

The company views its compliance program as essential to maintaining its status as a preferred consulting partner to Fortune 50 companies. “We take compliance very seriously, it’s important for our clients’ data safety and our company’s data safety. There’s lots of bad actors out there, you can’t really let your guard down. Clients have the expectation we are keeping their data safe,” says Carl Lombardi, VP of Operations at Prime 8.

To demonstrate that Prime 8 takes information security, data privacy, and compliance seriously, Prime 8 adheres to Microsoft SSPA and SOC 2.

Product Used: Compliance Operations Module

Quick Facts: Management Consulting // Bellevue, WA

2 Hrs

Up and running after only two hours of product training

Continuously compliant posture ready for any spot audits

7 Days

A full week saved just in time spent gathering data for their auditor

The Challenge

Prime 8 has adhered to Microsoft SSPA for a number of years, but earlier this year they saw a need to gain a SOC 2 certification in order to grow their business. Prime 8 saw that SOC 2 represents a level of compliance maturity that many client companies appreciate or are requiring of vendors who are looking to do certain types of work for them. To go through the SOC 2 certification process, Prime 8 needed the right software in place to support their compliance program.

Once Lombardi found a certified auditor to work with for the SOC 2 attestation process, he asked his auditor for a recommendation of a compliance software. The auditing firm referred him to Hyperproof.

Quote Sign
As soon as I saw a demo of Hyperproof, I knew it was what I wanted. Our company needed to put more structure around compliance going forward. When I saw Hyperproof, I thought, ‘That system is ready for whatever we’re going to throw at it.

Carl Lombardi

VP of Operations // Prime 8 Consulting

Carl Lombardi

Why Hyperproof

Maintain a Continuously Compliant Posture

The ability to maintain a consistent compliance program is considered a must-have for Prime 8, and Hyperproof has become the platform that best supports this objective.

Quote Sign
Hyperproof isn’t just a great storage solution for compliance-related documents. It’s an effective every day compliance monitoring tool. It gives us the flags and the structure to make sure we’re staying on top of all of our compliance obligations. Our company was always good at getting things done, but I wanted a tool that helps us get things done with consistent tracking.

Carl Lombardi

VP of Operations // Prime 8 Consulting

Carl Lombardi

“With Hyperproof, we no longer need to remind ourselves to do specific compliance tasks. The system flags items that are about to expire, helping me keep up with my reviews of controls and evidence. With Hyperproof as the system of record for all of my work, I am ready for a regulatory body or a customer to come in and do a spot audit at any time. I would feel comfortable showing an auditor what the company is doing, because the evidence is in the tool.”

Immediate Time to Value

“My role as the VP of Operation for the company is quite broad. I work on many cross-departmental projects, compliance is just one area under my responsibility. We need compliance software to deliver immediate time to value, because we don’t have much time to learn a new tool”, says Lombardi.

Lombardi was able to see value from Hyperproof immediately post-purchase through Hyperproof’s SOC 2 and SSPA templates.

“We got through product training in two hours. The moment our instance was set up, we started using the platform to prepare for our upcoming SOC 2 and SSPA audits. Hyperproof comes pre-loaded with SOC 2 and SSPA requirements, and gives us indicators on how much work is involved,” says Lombardi.

Cut Audit Prep Time by Multiple Days

Thanks to Hyperproof’s design, which allows Prime 8 to organize proof and documents in an intuitive way, Lombardi’s team can reduce the time spent preparing for SOC 2 and SSPA audits, a key benefit for this VP whose time is in short supply.

“I really love that Hyperproof keeps all versions of proof. Instead of storing these documents in some remote database, we store them in Hyperproof. An auditor can go into Hyperproof to see the history of all the versions of a document, understand what we’ve done and how the proof is changing over time. Without this feature, we would spend a lot more time finding and sending versions of documents to my auditor.”

Quote Sign
I also like the fact that my auditor can go into Hyperproof to review documentation on their own. We didn’t have to put anything together just for the auditor to review, which is what I would have done before we had Hyperproof. Our auditor loved how easy it was to review all of our documentation in Hyperproof. Each document was already tied to questions from both audits (SOC 2 and SSPA). They didn’t struggle to find what they were looking for.

Carl Lombardi

VP of Operations // Prime 8 Consulting

Carl Lombardi

Lombardi estimates that Hyperproof saved approximately a week’s worth of work just in getting all the data pulled together for their auditor. The auditors were able to save a day or two. Even when the auditors had questions during their evidence review, Lombardi and team were able to provide them with updates in the tool (as opposed to email), saving additional time.

Responsive Customer Support

In addition, Lombardi noted that Hyperproof was always responsive to his questions, promptly answering them so he quickly can do what he needs to get done.

Download Case Study

Advice for Others Evaluating Compliance Software

Lombardi’s one piece of advice for those evaluating compliance software is this: Make sure the software fits into how you do your compliance work.

“To take full advantage of compliance software, it’s important to have the structure set up within your company to use the software. Make sure it’s not just a place where you store documents but something that can become your everyday compliance monitoring tool. I can’t stress the monitoring piece enough. Clients and customers expect your company to take the protection of their data seriously. You can’t let your guard down.”


With Hyperproof, Prime 8 Consulting was able to create a single source of truth for compliance and automated routine, repetitive work, steamlining workflows and reducing work for teams across the organization.

To see the Hyperproof platform in action, schedule a demo with our team today.