
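Content provided by CSTMR. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by CSTMR or its podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process described here: https://ko.player.fm/legal.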

Interview with Alex Bates of Dark Rock Cybersecurity: Using SOC 2 to Enhance Your Business, Not Just Manage Risk

39:25
 

Host - Rory Holland - cstmr.com - LinkedIn: CSTMR

Interviewed - Jack Macy, CSTMR and Alex Bates, Dark Rock Cybersecurity - LinkedIn: CSTMR and Dark Rock Cybersecurity

Want to be a part of the podcast? Contact Rory today!

In This Episode

Join us for Episode 29 of Mighty Finsights, where Rory Holland interviews Jack Macy, founder and COO of CSTMR, and Alex Bates with Dark Rock Cybersecurity about the journey CSTMR took to achieve SOC 2 compliance. They explore the importance of SOC 2 for building trust with clients, the challenges faced during the process, and the benefits of being a certified vendor in the financial services industry. The conversation also covers the selection of the right SOC 2 partner and offers advice for organizations considering pursuing SOC 2 compliance, including why it’s helpful to have an expert coach to guide you through the process.

Key Takeaways

  • SOC 2 compliance is an excellent way to improve organizational health and build client trust.
  • CSTMR's proactive approach to SOC 2 is unusual for service-based businesses, especially agencies.
  • The SOC 2 process helps formalize risk management practices and “harden” security protocols.
  • Data breaches incur significant costs and reputational harm for organizations.
  • Selecting the right SOC 2 partner will make a big difference in your experience and the quality of your results.
  • Investing in compliance should be viewed as a long-term strategy.
  • Training and educating the organization as a whole is key to successful implementation.
  • SOC 2 is a report of compliance, not a “certification.”

Chapters

00:00 Episode Introduction

01:58 Why Did CSTMR Pursue SOC 2?

03:58 The Importance of SOC 2 for Professional Services

06:09 Challenges in Achieving SOC 2 Compliance

09:52 Real-World Security Failures

12:57 The Direct Impact on a Brand

14:27 The Prevalence of SOC 2 in the Marketing Space

16:56 Benefits to CSTMR's Clientele

19:48 Selecting the Right SOC 2 Partner

22:21 What to Look for in a SOC 2 Vendor

24:13 How Playing Competitive Sports Informs Alex's Work

29:20 How to Know If SOC 2 Is Right for Your Organization

30:28 How CSTMR Tackled the Challenges of Passing SOC 2

34:07 Unpacking the Gap Analysis

35:44 Trust Service Criteria
