SOC 2 & ISO 27001 for SaaS: Build trust & boost sales through smart security compliance

Scytale CEO, Meiran Galis is a strategic and tactical leader in the realm of security compliance. Having worked with hundreds of SaaS companies including small startups and Fortune 500, Meiran built compliance programs for rapidly growing organizations and is passionate about implementing security controls that leverage automation, reduce the cost of compliance, and mitigate business risks. Discover how to streamline security compliance, manage it effectively, and reduce time and costs. Learn how to increase sales by enabling continuous auditing, building accountability and increasing transparency.

Summary of the Webinar


  • Meiran Galis, CEO of Scytale

In this webinar, hosted by the Future of SaaS Festival, Meiran Galis, CEO of Scytale, takes the stage to discuss the crucial topic of security compliance for SaaS (Software as a Service) companies, specifically highlighting the significance of SOC 2 and ISO 27001 frameworks. The conversation kicks off with a focus on the key reasons why organizations opt for compliance, ranging from gaining a competitive edge to fulfilling customer demands or adhering to legal obligations. However, Meiran underscores the challenges that come with security compliance, particularly when handled manually. He points out that manual compliance processes can be inefficient, error-prone, and exceedingly complex, which can lead to suboptimal results and increased costs, especially for startups.

To navigate this complex landscape, Meiran draws a distinction between SOC 2 and ISO 27001, shedding light on their fundamental differences. SOC 2 primarily revolves around historical evidence, catering to organizations in the United States or those serving American customers. In contrast, ISO 27001 takes a forward-looking approach, emphasizing continuous improvement and adhering to global standards, making it relevant to a broader international audience. Additionally, Meiran provides insights into the typical timeframes required to achieve compliance with each framework, with SOC 2 spanning 6-12 months and ISO 27001 clocking in at 4-8 months.

Moving on, Meiran discusses practical tips for effective collaboration with auditors during the compliance process. He also outlines the latest trends in compliance, reflecting the changing landscape of the modern world, such as the rise of remote work, sharing compliance postures with stakeholders, the adoption of emerging technologies, utilization of multiple security frameworks, outsourcing compliance tasks, and embracing cloud solutions.

The webinar delves into the shift from traditional certifications to more contemporary ones and underscores the importance of thorough preparation for an audit. Key components of this preparation include scoping and planning, setting clear business objectives and timelines, identifying stakeholders, implementing a supportive tech stack, establishing robust policies and procedures, obtaining buy-in from top management, and conducting security reviews at the board and management levels.

Meiran also highlights the role of Scytale in automating the compliance process, emphasizing the numerous benefits and  the exciting advancements in compliance automation. As a parting gift to viewers, Meiran points them in the direction of a free SOC 2 academy for those seeking to enhance their compliance knowledge.

In conclusion, the webinar wraps up with an engaging Q&A session, allowing viewers to pose questions and seek further clarification on the intricate and ever-evolving landscape of security compliance in the SaaS industry.