PartnerStack is a partner relationship management platform built for SaaS businesses. Their platform enables companies to automate the toughest parts of running a partner program, so it’s no surprise that when they wanted to automate the toughest parts of running a compliance program across SOC 2, ISO 27001:2013, and privacy regulations like GDPR and CCPA, they chose Comply.
Mike Kim is the Security and Compliance Manager for PartnerStack. Mike is an experienced compliance professional who has been at many companies and gone through many audits. In his career he’s used many other compliance tools and found them to be “glorified cloud docs and storage.” When approaching compliance at PartnerStack, he knew he wanted something different. When he discovered Comply, he found it refreshing: from the way PartnerStack uses automations, he could see that similar compliance automations help them achieve their objectives. Automations that simplify compliance are important for Mike because he is a one-man compliance team, with a few collaborators who help him.
PartnerStack is purpose-built for SaaS companies, which means that they are cloud native. This comes with compliance challenges, but also with the ability to integrate their infrastructure and tools to automate compliance. Currently they use a hybrid cloud approach and have both AWS and GCP connected to Comply to continuously monitor thousands of container and database assets for security and compliance events.
Their compliance automation needs go beyond their infrastructure, which is why they’ve integrated G Suite to automatically kick off user onboarding reviews, and Slack to automatically notify collaborators of the work they need to do. The HR Director loves the Slack feature because it allows him to get notifications where he works and complete the requests in Slack without having to log in to Comply.
The Comply feature that PartnerStack gets the most value from is the API. Mike has set up multiple integrations using Workato, so he is able to leverage compliance automations for their internal services and for those that are outside the Comply roadmap. For example, PartnerStack’s scanning tool pushes its findings directly into Comply, which automatically creates evidence and assigns issues that may need to be addressed. Another custom integration they built connects their HR system to Comply, piping in information about employee changes.
Using Comply has saved them time and money. Mike is able to implement turn-key integrations and automations as well as create his own in minutes, which keeps valuable engineering resources focused on more business-critical items. And based on their use of compliance automation technology, PartnerStack received a 20% discount from their auditor.
In addition to compliance automation, PartnerStack is using Vendor Management and Rooms in Comply to make it easier to identify whether their vendors are trustworthy and to build customers’ trust in their security. Integrations automatically inventory their SaaS system assets as well as some basic information about each vendor. Mike has found this to be a big benefit when he doesn’t immediately recognize a vendor, and it helps them complete reviews faster.
When it’s time for them to be reviewed by their customers, PartnerStack uses Rooms. Mike was concerned about their SOC report getting leaked and loves that Rooms automatically gates access with an NDA and watermarks documents. In addition to saving time on the back-and-forth with legal, he’s also seen a positive impact on their resourcing and sales cycles:
“Rooms is one of the biggest lifesavers for us. It has cut down the time I spend on RFP requests by 60% and has improved our sales cycles, changing the lead time to instant.”
Comply has enabled Mike to automate compliance and build customer trust. If you’re looking to do the same, get started with Rooms today, for free.