How FinTech Company Zūm Rails Quickly Obtained SOC 2

A case of preemptively focusing on continuous compliance in order to meet high-stakes industry demands

ABOUT ZŪM RAILS
Zūm Rails’ all-in-one payments gateway empowers businesses to pick and choose their optimal payment method mix to meet their ideal workflow through a powerful API layer or payment portal that offers the most elegant user experience in the market.
Location: Montreal, Quebec
Industry: Financial SaaS

The Challenge

The fintech and payments space is incredibly sensitive to the topic of security (and rightfully so). As an emerging leader in the industry, we felt confident in the infrastructure and controls we’d put in place to ensure the highest level of data protection for our clients.

But answering endless customer questionnaires and ensuring that we were always maintaining and staying on top of our controls became an inevitable time suck. How could we quickly and continuously lead in this part of our business?

The Solution

Meeting generally accepted compliance frameworks seemed to be the next logical step in our journey. We knew it was paramount in building client trust and accelerating our sales cycle. But when we did our initial research, the cost and sheer magnitude of the process seemed highly time-consuming.

We quickly saw the value in utilizing a compliance automation product. We were hopeful that such a tool could provide strong time to value and help us continuously monitor our controls as Zūm Rails scaled.

Why Drata?

Drata’s level of automation and continuous approach to compliance was huge for us. While nothing can be automated 100%, Drata’s integrations and crystal-clear user interface made the process far easier than we could have ever anticipated.

What’s more, we were struck by Drata’s own commitment to security and compliance. You’d think that all companies in the space would build their products with this top of mind, but we didn’t necessarily find that to be the case. Drata really “walked the walk” in numerous ways, including using their own technology to achieve SOC 2.

The Audit Preparation

Our choice to go with Drata was largely driven by the advanced technology the company was able to provide. But after onboarding, we were impressed by how incredibly supportive and helpful Drata’s customer success team was. Every meeting request, email, or Intercom support message was answered right away with a thoughtful, impactful response.

Between the platform, the always-accessible support staff, and a much-appreciated recommendation to the Johansen Group for our audit, we were able to gain instant visibility into our controls, prepare for the audit, and have our SOC 2 Type 1 in hand in 10 weeks.

What Was the Biggest Surprise?

During our SOC 2 audit, Drata launched a series of new features and functionality, including the ISO 27001 framework and the ability to see all of your controls and relevant mapping at once. The timing was ideal for us and we’ll start using these additions right away.

What’s Next for Zūm Rails?

Receiving our SOC 2 Type 1 was a great accomplishment and will go a long way in showcasing our commitment to security with our clients. And now we have everything organized and continuously monitored in the Drata platform, so it makes sense to go for our SOC 2 Type 2, ISO 27001, and beyond.

The payments industry is high stakes when it comes to security and compliance. The journey by no means ends with successfully meeting SOC 2. Drata helped us not only achieve our initial goals, but will support us as we continue to build upon our strong foundation.

Nadhir Khayati - Head of Engineering, Zūm Rails
