As a legal provider, information security is a big focus for the Atrium team. Employees undergo security training when they onboard, they have a TechOps team that works to ensure that they adhere to best practices, and a group of engineers called the Security Guild who manage application and infrastructure security. Even with all of this in place, the Atrium team knew that as they grew, their security needed to scale with them.
When Atrium was looking to further strengthen their security posture, they knew that they needed practical solutions that would make the business more secure. Rather than being something complex that consumed significant resources, they wanted security to be an enabler of their business growth. They needed something that would help the team they had easily understand and communicate the “what” and “why” of security to a broad group of stakeholders. “With Aptible, we’ve been able to implement policies and procedures, map them to controls, and track the progress of our initiatives with ease - without having to hire a full time compliance team.” says Justin Kan, CEO and Co-founder of Atrium.
Kan, a founder of several startups and an investor at Y Combinator, intimately understands the needs of startups and growing companies.When looking for a Security Management solution for his own company, he realized that compliance products were generally expensive, slow to develop, and hard to use, which diverts focus and slows growth. “Most competing compliance products are too expensive for startups and have a subpar user experience.” said Kan, “Aptible is both budget and user friendly.”
Aptible gave the Atrium team a way to align around security and improve their communication around what should be happening, what was happening, and what the difference was when it came to security. Through best-in-class security training, an automated buildout of their Security Management program, and a system of record for all of their compliance efforts, Comply enabled the team to build out and continually manage their compliance efforts so they could be confident that they were audit-ready without having to slow down.
At Atrium, security is critical. Having best-practice policies and procedures in place and being able to show that they’re taking action on them helps build trust internally, with customers, and with regulators. Using Aptible Comply the Atrium team was able to put policies in place that helped them track the storage and use of sensitive data, enforce software development lifecycle best practices, and reduce internal risks. By having a solution that enables them to manage their security and compliance efforts, Atrium doesn’t have to trade security for growth, they can use one to enable the other.
With Aptible Comply, Atrium has built a culture of security and treats Security Management as an ongoing process; constantly operating, maintaining and updating to ensure that they not only pass audits and maintain compliance, but that they are truly secure.