Case Study

The Student Loan Company Builds Comprehensive Security Program, Achieves SOC 2 Type II Attestation




  • Siloed departments leading to disorganization with documents and processes

  • Needed to establish a coordinated, disciplined approach to data security that involved the entire organization


  • Always-on software that would grow and scale with their business

  • Software with an extension of a Professional Services team that aided in their SOC 2 preparation from start to finish in order to demonstrate security to clients.


  • Hours saved on SOC 2 prep with the ability to collaborate in-platform with their auditor

  • Company future-proofed with more frameworks to easily crosswalk to after SOC 2 audit completion.

The Challenge

Building a coordinated approach to data security: establishing a scalable data security program that is disciplined and organized.

As the company started building its data security program from scratch, it knew that it had lofty goals. This student loan provider had access to its customers' personal and financial information, and it was imperative that it protected the information it stored and gave its customers confidence that their data was handled securely. The student loan company understood how important it was to have a comprehensive data security program in place but needed help to get it started. When the new Chief Technology Officer (CTO) took over the role, they realized that many of the important elements were held by different departments and that coordination across all departments needed to be improved. That's why they signed up as an Ostendio Premium customer: to ensure the company could be disciplined and organized, and to help it reach its goal of SOC 2 Type II.

The Solution

Finding help when it was needed most - a solution that would grow and scale with their business.

The Student Loan company started with the basics by building a program from the bottom up that would ultimately be able to grow and scale as their company also grew. The CTO realized they were going to need some expert help and so they engaged Ostendio in a Professional Services contract. The Ostendio Professional Services experts supported the Student Loan company by becoming an extension of the current security team dedicated to this important project. Ostendio Professional Services provided expert assistance in the preparation work such as reviewing, developing and operationalizing their policies and procedures. “Ostendio provided support from the very beginning by identifying the gaps in their security program,” said Michelle Moreno, Ostendio Professional Services Director and ISO.

“The Ostendio platform had everything needed to guide this customer smoothly through their first SOC 2 audit.”

The Result

Reaching SOC 2 goals and future-proofing the company's security program

The Student Loan company uses Ostendio to handle:

  • Document management - with all the features of a fully operational Document Management System, the Ostendio platform serves as the central repository and access point for all policies, procedures, contracts, SOPs and any other critical documentation. Workflow powers the document approval and acknowledgment processes, allowing Ostendio to track both approvals and acknowledgments across all documents and for all users.
  • Asset management - tracking their physical assets as well as ownership and location.
  • Employee training - a full Learning Management System allowing for the creation, distribution, and assessment of training.
  • Assessments - The Student Loan company used this module to pre-build assessment questionnaires for their chosen regulations and standards while also creating ad-hoc and custom assessments.
  • Policy and Procedure Templates - these allowed the Student Loan company to map to many common information security and privacy templates when creating their data security program.
  • Risk Management - The Student Loan company uses this module to identify and create mitigation strategies around risk management.

After completing basic preparation with the Ostendio Professional Services support team, the Student Loan company was ready to select an audit partner for their SOC 2 audit. Ostendio Auditor Connect makes it easy to find and contract with a specialized auditor who can perform the SOC 2 audit using the Ostendio platform. The Student Loan company selected A-LIGN as their audit partner. “The Ostendio Auditor Connect feature is an innovative way for clients and auditors to connect and contract for an audit engagement,” said Michelle Moreno, Ostendio Professional Services Director and ISO.

“Auditor Connect allows clients and auditors to collaborate in real time over documentation that has been provided and avoids time-consuming, confusing emails of spreadsheets and Word documents.”

With both the client and auditor (A-LIGN) using the Ostendio platform, the Student Loan company saved time and money. The Ostendio platform allows both parties to communicate through the platform, sharing the required documents and discussing the policies that are required. This speeds up the audit process and makes completing a SOC 2 audit easier and more cost-effective for all parties involved. The Student Loan company has successfully completed their first SOC 2 Type II audit and has built a robust data security program. In future years, using the Ostendio platform to complete the audit will be easier, as the initial setup with relevant and operationalized documentation is already complete. As the company grows, it can continue to use the Ostendio platform for all its data security and risk management needs. The platform maps to over 100 regulations and standards globally, making it easy for customers to map their existing compliance documents and evidence to additional standards.

About the company

This leading Student Loan Provider is simplifying the student loan experience. As a fintech lending company with a sole focus on private student loans, they’re using technology and their deep industry expertise to connect families who need to cover education costs. By specializing in student loans, they are able to give customers the attention they deserve and deliver loans that are simple, clear, and personalized for the individual.

Ostendio is the only risk management platform that strengthens your business operations, supply chain, and everyone you rely on with continuous security that is always on and always advancing.