Prime 8 Consulting Turns to Hyperproof to Maintain Continuously Compliant Posture
Bellevue, WA, USA
- Microsoft SSPA
- SOC 2
- Compliance operations module
Founded in 2006, Bellevue-based Prime 8 Consulting develops and executes innovative business strategies to help companies succeed, with clients ranging from small businesses to multinational corporations across a diverse set of industries. Prime 8 is a preferred consulting firm to Fortune 50 technology, communications, and healthcare companies in the greater Seattle area and beyond. In 2020, the company was recognized for the sixth time as one of the “100 Best Companies to Work For” by Seattle Business Magazine.
The company views its compliance program as essential to maintaining its status as a preferred consulting partner to Fortune 50 companies. “We take compliance very seriously; it’s important for our clients’ data safety and our company’s data safety. There’s lots of bad actors out there; you can’t really let your guard down. Clients have the expectation we are keeping their data safe,” says Carl Lombardi, VP of Operations at Prime 8.
To demonstrate that Prime 8 takes information security, data privacy, and compliance seriously, Prime 8 adheres to Microsoft SSPA and SOC 2.
Prime 8 has adhered to Microsoft SSPA for a number of years, but earlier this year they saw a need to gain a SOC 2 certification in order to grow their business. Prime 8 saw that SOC 2 represents a level of compliance maturity that many client companies appreciate or are requiring of vendors who are looking to do certain types of work for them. To go through the SOC 2 certification process, Prime 8 needed the right software in place to support their compliance program.
Once Lombardi found a certified auditor to work with for the SOC 2 attestation process, he asked the auditor to recommend compliance software. The auditing firm referred him to Hyperproof.
By using Hyperproof, Prime 8 Consulting achieved the following results:
- Up and running after only two hours of product training
- Continuously compliant posture ready for any spot audits
- A full week saved just in time spent gathering data for their auditor
1. Maintain a Continuously Compliant Posture
The ability to maintain a consistent compliance program is considered a must-have for Prime 8, and Hyperproof has become the platform that best supports this objective.
VP of Operations at Prime 8
“With Hyperproof, we no longer need to remind ourselves to do specific compliance tasks. The system flags items that are about to expire, helping me keep up with my reviews of controls and evidence. With Hyperproof as the system of record for all of my work, I am ready for a regulatory body or a customer to come in and do a spot audit at any time. I would feel comfortable showing an auditor what the company is doing, because the evidence is in the tool.”
2. Immediate Time to Value
“My role as the VP of Operations for the company is quite broad. I work on many cross-departmental projects; compliance is just one area under my responsibility. We need compliance software to deliver immediate time to value, because we don’t have much time to learn a new tool,” says Lombardi.
Lombardi was able to see value from Hyperproof immediately post-purchase through Hyperproof’s SOC 2 and SSPA templates.
“We got through product training in two hours. The moment our instance was set up, we started using the platform to prepare for our upcoming SOC 2 and SSPA audits. Hyperproof comes pre-loaded with SOC 2 and SSPA requirements, and gives us indicators on how much work is involved,” says Lombardi.
3. Cut Audit Prep Time by Multiple Days
Thanks to Hyperproof’s design, which allows Prime 8 to organize proof and documents in an intuitive way, Lombardi’s team can reduce the time spent preparing for SOC 2 and SSPA audits, a key benefit for this VP whose time is in short supply.
“I really love that Hyperproof keeps all versions of proof. Instead of storing these documents in some remote database, we store them in Hyperproof. An auditor can go into Hyperproof to see the history of all the versions of a document, understand what we’ve done and how the proof is changing over time. Without this feature, we would spend a lot more time finding and sending versions of documents to my auditor.”
VP of Operations at Prime 8
Lombardi estimates that Hyperproof saved approximately a week’s worth of work just in getting all the data pulled together for their auditor. The auditors were able to save a day or two. Even when the auditors had questions during their evidence review, Lombardi and team were able to provide them with updates in the tool (as opposed to email), saving additional time.
4. Responsive Customer Support
In addition, Lombardi noted that Hyperproof was always responsive to his questions, answering them promptly so he can quickly do what he needs to get done.
Advice for Others Evaluating Compliance Software
Lombardi’s one piece of advice for those evaluating compliance software is this: Make sure the software fits into how you do your compliance work.
“To take full advantage of compliance software, it’s important to have the structure set up within your company to use the software. Make sure it’s not just a place where you store documents but something that can become your everyday compliance monitoring tool. I can’t stress the monitoring piece enough. Clients and customers expect your company to take the protection of their data seriously. You can’t let your guard down.”