PayEm allows finance teams around the globe to manage, automate and connect finance processes all within their holistic spend and procurement platform.
Because the platform handles this data, information security has to be a top priority for PayEm, so that its customers' personal and financial information is protected. But as a fast-growing startup undergoing SOC 2 for the very first time, PayEm needed the right compliance solution to ease the time-consuming and complicated processes.
That is why PayEm chose Scytale to help them develop strong information security systems and practices while fully preparing them for their SOC 2 audit, using compliance automation and guided advisory.
We sat down with PayEm CTO, Omer Rimoch, to ask him a few questions about his experience getting SOC 2 Type II compliant with Scytale.
1. What were the SOC 2 compliance challenges faced by PayEm?
We knew we needed to start the SOC 2 compliance process, as our US-based customers and prospects were requesting it from us. However, we knew we couldn’t do it by ourselves as we did not have any prior SOC 2 knowledge, including understanding what the process and audit entails.
Most compliance solutions provide a product without any support guiding you through processes and helping us understand what auditors really need. So finding a suitable SOC 2 partner was challenging.
Additionally, as we are a startup in growth mode, time is vital and we couldn’t afford to undergo a long, tedious compliance process delaying our goals.
2. How did Scytale solve these challenges?
What I loved about Scytale’s approach is that the company had a good vision of how the SOC 2 process should work. The best benefit of working with Scytale was the great organization of the SOC 2 process, understanding exactly what we need to do and how to do it. Scytale’s team were the experts, advising us on what information security solutions will be best to implement, as well as ensuring the PayEm team can continue operating well during the SOC 2 process.
When I recommend Scytale to other SaaS companies, I always mention how it is the perfect combination between product and advisory, which I haven’t experienced from other similar vendors.
The main advantage with Scytale was the step-by-step process that was easy to follow and the fact that the compliance team took on the majority of the work, only requesting any input from us when absolutely necessary, which saved us a lot of time.
3. What was your experience with our compliance advisory team?
All contact points were great! We really felt like the Scytale team were all supporting us throughout the process, taking care of our needs. We got immediate responses, especially on any urgent compliance questions, which was exactly what we were looking for in a SOC 2 partner.
During the actual audit, the compliance team took full management of all communication and requests from the auditor, making the audit process effortless on our side and exceeding our expectations.
4. What were the end results from working with Scytale to get SOC 2 compliant?
As a CTO, my focus was always on information security; however, there was a blind spot when it came to HR operations. Scytale helped us ensure security oversight across the entire organization, helping us become more security-conscious in everything we do.
Another key result is that we now have better security processes, especially with our third-party vendor risk management.
Having improved internal security practices already in place, due to working with a smart compliance tool and receiving expert advisory, made scaling up easier and more efficient. For example, with our onboarding and offboarding processes.
Working with Scytale to achieve SOC 2 compliance has also prepared us well for future audits, like ISO 27001 certification.
Streamlining compliance with SOC 2 automation
SOC 2 compliance is vital for SaaS companies that want to scale up, because it demonstrates reliable and effective information security systems. But eliminating the challenges associated with SOC 2 through streamlined compliance is just as vital. Take a look at what some of our other customers also have to say about their experiences getting SOC 2 compliant, powered by Scytale.