Responding to customer needs for data security & finding expert help to build an always-on data security program
As 2Morrow grew it began working with larger customers, including Fortune 500 companies. 2Morrow CTO, Kim Hansen said his need for a formal data security and risk management program really came from customer requirements. This led to a greater demand for an industry recognized report showcasing their data security program, such as SOC 2. Hansen realized that as a smaller business, 2Morrow was going to need some help to establish a more formal data security program so he began looking for a solution.
In his search for a solution “[Ostendio] rose to the top really rapidly,” according to Hansen. He found the web app to be consistent and straightforward to use. Hansen also discovered Ostendio Professional Services was exactly what his organization needed to learn about SOC 2 and the policies and procedures that would be required.
“We chose Ostendio because we didn’t have a full-time, dedicated compliance or security officer. The platform provided a tool everybody could use to provide the objective evidence that’s necessary for an audit to be successful,” said Kim Hansen, CTO, 2Morrow.
2Morrow uses many of the Ostendio platform features and has focused on document management, ticketing and the audit feature to prepare for an upcoming audit. Asking Ostendio Professional Services for support during this busy time has also made a positive impact.
“Being able to rely on [Ostendio] Professional Services was absolutely key and the quality of the professional services we received helped us to be successful. Professional Services gives us the ability to get to the first audit and establish best practices using the tool so that we can maintain ourselves in good standing in the future,” added Hansen.
By using the Ostendio platform and getting support from the Ostendio Professional Services team, 2Morrow has established its data security program and is working towards a SOC 2 Type II audit. The Ostendio platform equips high growth companies with agile, always-on information security programs that include everyone: employees, vendors, partners and auditors.