Berkshire Grey

CHALLENGE

Berkshire Grey needed a tailored approach for SOC 2 to meet customer demand

Brian McCarthy, VP of Engineering, DevOps and Infrastructure at Berkshire Grey, was looking to streamline internal processes and shorten the sales cycle. Customers had high security expectations, and the team was spending increasing amounts of time responding to questionnaires with up to 700 questions. Based on customer demand, he decided to pursue SOC 2 compliance.

In his previous experience with audits, auditors had a one-size-fits all approach. But Brian and his team were looking for a compliance partner who could not only conduct a SOC 2 audit, but also guide them through the process, automate evidence collection, and scope the project to their needs. 

Brian shared, “we were looking for a match with our philosophy and approach.”

SOLUTION

Surprising ease found with Thoropass’ in-house audit team

The Customer Success Managers (CSMs) at Thoropass made the experience completely different from the traditional audit firms the team had worked with in the past. From onboarding through their audit and beyond, Berkshire Grey’s dedicated CSM held weekly calls to answer questions and keep their audit preparation process on track.

Aaron Branham, IT Director at Berkshire Grey, said their CSM always showed up to the calls prepared.

He explained, “they’d done their homework, and they had already read the documents. We were able to get answers in real time and move forward.”

The CSM was also instrumental in helping the team to tailor and scope policy templates in a way that met their needs within the compliance framework.

Along with the CSM, the easy-to-use Thoropass platform simplified the process. The evidence requirements were clearly communicated, and the platform kept all documents in one place and maintained version control. Thoropass collected evidence automatically through integrations with the platform such as GitHub and BambooHR, and automated the access review process.

Speaking to this, Austin explained: “the integrations with the various cloud platforms have been absolutely monumental in reducing the amount of time that we have to spend in spreadsheets.”

When it came time for their audit, the Berkshire Grey team found Thoropass’ in-house auditors easier to work with than expected and committed to understanding their business and specific needs.

Multi-framework compliance made easy with control mapping

After completing their SOC 2 audit, the Berkshire Grey team was ready to tackle additional frameworks. In order to grow its business in Europe, where they have staff in 13 countries, the team began pursuing GDPR compliance. The Thoropass platform eliminated redundant work by mapping the overlapping controls between the two frameworks.

“Once we had our policies nailed down, we had a lot of the evidence already taken care of, and we’re able to map it from SOC 2 over to the GDPR-specific controls,” explained Austin.

RESULTS

A successful first SOC 2 audit and a second year audit in just 25% of the time

Berkshire Grey successfully completed its first SOC 2 Type 2 audit in about six months, resulting in an improved security posture and increased customer trust.

However, the benefits compounded as Berkshire Grey maintained compliance with Thoropass. The following year, with muscle memory and integrations in place, the team completed their SOC 2 renewal in only 25% of the time.

LOOKING AHEAD

Peace of mind as they grow with the right compliance partner

Berkshire Grey plans to maintain SOC 2 and GDPR with Thoropass, and is currently working on SOC 3.

The team was relieved to find that although the company has grown, it has not impacted the scope or resources required for compliance. They intend to expand to other frameworks depending on customer needs, knowing that Thoropass makes multi-framework compliance manageable.

Aaron shared, “we’re not scared about the next one. We feel like we have the right nimble team and the right partner to get that done.”