The best way to understand how, what, and why we do what we do here at BARR is to learn about our work through another company’s experience. We’re proud to share client experiences that showcase how BARR helps leading SaaS providers simplify the path to security and compliance.
CASE STUDY: Convictional
At A Glance
A new B2B commerce platform, Convictional, is reinventing the way businesses handle sales transactions online. From onboarding to product and pricing management to generating wholesale orders, and everything in between, Convictional provides the end-to-end solution that makes online B2B happen. The company now enables some of the fastest-growing suppliers to sell to all kinds of businesses, no matter the size or commerce system.
Because Convictional is an e-commerce platform, it is responsible for sensitive online data such as personal customer information and proprietary business information for major retailers, distributors, and other B2C and B2B marketplaces.
Communicating its security competency was crucial to helping Convictional grow its business and become enterprise-ready.
“At Convictional, we take data security seriously. When working with larger clients, they require us to complete a full-security questionnaire. For smaller clients, they may not know how to ask those critical security questions,” said Roger Kirkness, CEO.
Convictional realized it needed a way to communicate how it handles data with the highest degree of information security and confidentiality. A SOC 2 Type 2 report was the answer.
This extensive report not only meets the needs of a broad range of customers that request detailed information and assurance about the controls at a service organization, it also includes an opinion on the suitability of the design of the controls at the service organization and on the operating effectiveness of those controls throughout an extended period of time.
“A SOC 2 report would align us with compliance, risk, and security groups inside enterprise accounts, without having to engage in the time-consuming scope of vendor questioning each time,” said Kirkness. “To sell to major enterprise customers and grow our business, we needed this type of assurance. It shows our continuous adherence to security protocol.”
When choosing an audit partner, Convictional wanted to work with a team that understood it is a small but serious and rigorous company. It found a partner in BARR Advisory, a team that shares those same hardworking qualities.
BARR’s approach began with a readiness assessment. Prior to working together, Convictional had started the process of preparing for a SOC 2 on its own, but felt it was lacking in direction and experience.
“BARR shared with us exactly what to expect and what was going to be involved in the audit. We learned how to gather and present evidence. System descriptions were presented in a way that was most useful and actionable to the auditors,” said Kirkness.
After completion of the readiness assessment, it was time for the audit.
“The handoff from the readiness team to the audit team was handled well. I felt there was some kind of translation layer where expectations were set for us, which allowed the audit to be more efficient and rigorous,” said Kirkness.
Day-to-day, the four-month audit process involved a series of spot checks and evidence collection: evidence gathered over a period of time, evidence gathered at random, and evidence gathered when issues occurred.
BARR’s work was fully remote and both teams utilized Google Cloud Platform (GCP), which removed a lot of local data and physical access concerns. BARR also utilized the compliance automation software, Vanta, which streamlined that process even more through its suite of security tools and monitoring platform.
“It was pretty impressive how BARR catered to our unique business needs. Between working remotely, utilizing GCP, and BARR’s connection with Vanta, I feel we saved ourselves 80 percent of the effort. The process could not have been more efficient.”
The biggest benefit Convictional experienced was in its sales process. Prior to working with BARR, Convictional’s sales cycle would take an average of one to two months due to extensive security questionnaires and assessments. After achieving SOC 2 compliance through BARR, Convictional is closing deals in as little as one to two weeks—cutting the sales cycle in half.
Now, Convictional is enterprise-ready and B2B e-commerce is a safer place to do what businesses do best—business.