Demonstrating secure handling of programmatic data
Navigating privacy regulations even without inherent expertise
Location: Denver, USA
Industry: SaaS
$400k saved from external consultancy
Faster pace in market expansion
Greater visibility over risk posture
Context
Demonstrating secure handling of programmatic data
Choozle is a digital advertising software platform that works with organizations to improve marketing ROI through programmatic and algorithmic analytics. Their customers include Reddit, American Academy of Pediatrics, Save The Children Fund, and more.
For 2024, Choozle decided to focus more on brands and less on agencies in order to move upmarket from a client perspective. For this, SOC 2 compliance was necessary, hence the need to start building relevant documentation to kickstart their compliance journey.
Joe Forrester, SVP Engineering & Product, Choozle
“We’ve been able to talk through processes and supply documentation that we worked with Scrut to generate, show policies and procedures in place, and generate evidence – which has led to opening doors to more deals.”
Challenges
Overcoming security hindrances in deal closures
It wasn’t exactly a cakewalk though. With internal infosec expertise missing, it was challenging to demonstrate the right security posture required for those Fortune 1000 deals. The main challenges were:
Lack of a plug-in solution
Everyone values ease of use and convenience, but for a growing company with fast-paced development, it is crucial. A solution that could offer instant visibility of weaknesses was very much desired.
Compliance guidance
Special policies needed to be created to cover the anonymized campaign metadata that Choozle handled. For this, just another run-of-the-mill platform wouldn’t have been enough, and additional expert support at all times was critical.
Evidence collection
With multiple code repositories hosting huge amounts of data, tracking and collecting evidence for all components of SOC 2 compliance was a complex task.
Solution
Pain-free integration & greater visibility
The main thing that stood out for Choozle was the constant support of the professional services team and the customer success team in generating relevant documentation for the entire SOC 2 journey. The tracing capabilities of the Policy module also helped them achieve a better posture for audit reviews.
Next, onboarding on the platform took no more than an hour, and the cloud tests started almost immediately – giving a comprehensive view of critical and warning items across their applications. Tracking open risks was simplified with the risk assessment capabilities of the platform, and the compliance of their sub-vendors was efficiently tracked with the in-built TPRM as well.
If we had to run this from the ground up, I’d have had to hire about 2 consultants or 3 full-time employees to help us through the program.
Impact
Enhanced growth readiness
Security-centric design and engineering process
While there had always been a security architecture while building the platform, the teams now have codified frameworks to work through and validate processes. This has led to everyone having a better compliance and security point of view in development.
Greater engagement with upmarket prospects
During the compliance journey, what helped Choozle get their foot in the door with bigger clients was having a platform to support and demonstrate their progress. Showcasing policies, procedures, and evidence from Scrut helped them show that they do what they say they do, and enhanced trust among prospects.
Access to a reliable compliance partner
Extensive guidance right from day 1, prompt support to keep the security program going forward, and add-on support for external VAPT audits have enabled positive market movement so far. Needless to say, the ongoing relationship with Scrut is a highly valued aspect of this journey.