HalcyonFT

Build or buy? HalcyonFT chooses the path to faster compliance

Joe James, Partner, Director of Projects of HalcyonFT, had helped previous companies achieve SOC 2 attestations and ISO certifications. When prospective customers increasingly began asking for due diligence questionnaires regarding SOC 2 and ISO 27001, Joe knew it was time to pursue both certifications. 

He considered preparing for the SOC 2 and ISO audits himself, but estimated it would take three years. Weighing this significant time commitment against the risk of non-compliance, he ultimately decided to revise his strategy.

Joe evaluated multiple compliance solution providers. He found that while other providers gave him a sales pitch, Thoropass was the only one willing to give an in-depth demo of the platform. 

Thoropass provided guidance and a roadmap, streamlining the process by 66%

First, HalcyonFT tackled SOC 2 attestation. Thoropass’s in-house team of compliance experts and easy-to-use platform helped Joe simplify and accelerate the attestation process. From implementation to audit, Joe appreciated the weekly calls and constant communication from his Customer Success Manager (CSM).

The expert guidance helped Joe and his team stay on track while working through the SOC 2 framework. For each evidence request, Joe would simply look at the specifications, upload the information, and receive detailed feedback. Thoropass’s policy templates also gave the HalcyonFT team the guardrails they needed to make sure that their existing policies were in line with the requirements for SOC 2 and ISO 27001 compliance.

Once they achieved SOC 2, Joe and his team tackled ISO 27001. Within the Thoropass platform, it was easy to map SOC 2 evidence to matching ISO requirements. According to Joe, “once we got past SOC 2, ISO was a walk in the park, because we had that framework already laid out, and a lot of it overlapped.”

Achieving SOC 2 and ISO certifications brought in new customers and revenue

They implemented the required controls to meet SOC 2 criteria in about 100 hours and then implemented the required controls to support ISO 27001 in just 50 hours through the use of the platform’s multi-framework capabilities and efficiencies, a third of the time Joe expected.

Beyond the time savings, SOC 2 and ISO certifications have brought in new clients for HalcyonFT. Joe says that “while HalcyonFT already maintained best-in-class information security and data governance, attaining these certifications differentiated us from some of our competitors and is a heavy checkmark on our existing and future client regulatory compliance requirements.”

HalcyonFT plans to keep certifications up to date and recommend Thoropass to clients

Moving forward, Joe plans to keep HalcyonFT’s certifications up to date with Thoropass. The team is also recommending Thoropass as a compliance solution to its financial clients.

Product

ISO 27001, SOC 2

Industry

Fintech

Company size

11-50

Location

United States