Convictional Case Study

E-commerce platform, Convictional, utilizes SOC 2 to grow business and cut sales cycle in half.

At a Glance

A new B2B commerce platform, Convictional, is reinventing the way businesses handle sales transactions online. From onboarding to product and pricing management to generating wholesale orders, and everything in between, Convictional provides the end-to-end solution that makes online B2B happen. The company now enables some of the fastest-growing suppliers to sell to all kinds of businesses, no matter the size or commerce system.

The Challenge

Because Convictional is an e-commerce platform, it is responsible for sensitive online data such as personal customer information and proprietary business information for major retailers, distributors, and other B2C and B2B marketplaces. Communicating its security competency was crucial to helping Convictional grow its business and become enterprise-ready.

Convictional realized it needed a way to communicate how it’s handling its data with the highest degree of information security and confidentiality. A SOC 2 Type 2 report was the answer. This extensive report not only meets the needs of a broad range of customers that request detailed information and assurance about the controls at a service organization, it also includes an opinion on the suitability of the design of the controls at the service organization and the operating effectiveness of those controls throughout an extended period of time.

“A SOC 2 report would align us with compliance, risk, and security groups inside enterprise accounts, without having to engage in the time-consuming scope of vendor questioning each time,” said Roger Kirkness, chief executive officer at Convictional. “To sell to major enterprise customers and grow our business, we needed this type of assurance. It shows our continuous adherence to security protocol.”

At Convictional, we take data security seriously. When working with larger clients, they require us to complete a full-security questionnaire. For smaller clients, they may not know how to ask those critical security questions.

Roger Kirkness

The Solution

When choosing an audit partner, Convictional wanted to work with a team who understood its position as a small but serious and rigorous company. It found a partner in BARR Advisory, a team who shares those same hardworking qualities.

BARR’s approach began with a readiness assessment. Prior to working together, Convictional had started the process of preparing for a SOC 2 on its own, but felt it was lacking in direction and experience. “BARR shared with us exactly what to expect and what was going to be involved in the audit. We learned how to gather and present evidence. System descriptions were presented in a way that was most useful and actionable to the auditors,” said Kirkness. After completion of the readiness assessment, it was time for the audit.

Day-to-day, the four-month audit process involved a series of spot checks and evidencing: evidencing through a period of time, random gathering of evidence, as well as evidencing when issues occur. BARR’s work was fully remote and both teams utilized Google Cloud Platform (GCP), which removed a lot of local data and physical access concerns. BARR also utilized the compliance automation software Vanta, which streamlined that process even more through its suite of security tools and monitoring platform.

The handoff from the readiness team to the audit team was handled well. I felt there was some kind of translation layer where expectations were set for us, which allowed the audit to be more efficient and rigorous.

Roger Kirkness

The Results

The biggest benefit Convictional experienced was in its sales process. Prior to working with BARR, Convictional’s sales cycle would take an average of one to two months due to extensive security questionnaires and assessments.

After achieving SOC 2 compliance through BARR, Convictional began closing deals in as little as one to two weeks—cutting the sales cycle in half. Now, Convictional is enterprise-ready and B2B e-commerce is a safer place to do what businesses do best.

Through its partnership with BARR, Convictional:

Saved 80% of effort during the audit;

Cut their sales cycle in half; and,

Became enterprise-ready with a SOC 2 compliance report.

It was impressive how BARR catered to our unique business needs. Between working remotely, utilizing GCP, and BARR’s connection with Vanta, I feel we saved ourselves 80 percent of the effort. The process could not have been more efficient.

Roger Kirkness
