INTRODUCTION

3rdRisk is Europe's leading cloud platform for third-party risk and compliance operations, located in Amsterdam, Netherlands.

They offer a platform designed to evaluate and monitor suppliers across various risk domains, including cybersecurity, sustainability and compliance. Utilising AI and other technologies, the platform automates routine tasks and recurring activities, enhancing efficiency and accuracy.

BACKGROUND 

After recognising the need for business growth and client requirements, 3rdRisk undertook their SOC 2 compliance audit with AssuranceLab and Drata.

As a third-party risk management platform, Jelle Groenendaal, Co-founder and CMO at 3rdRisk stated that for them, “SOC 2 was the preferred framework as it better suited our business needs and goals, as well as looks at how our systems operate.”

“We have a lot of data coming through our business by nature of the work we do, and we wanted to ensure that we could show clients the security practices we have in place.”

WHY COMPLIANCE AUTOMATION

When beginning their SOC 2 journey, 3rdRisk understood their limitations as a small team and limited capacity and time restraints. This led the team to look at compliance automation tools like Drata.
 
After signing with Drata, for their evidence upload processes and real-time view platform, 3rdRisk was presented with a selection of partners to choose from, to conduct their audit. When asked what drew 3rdRisk to signing with AssuranceLab Jelle stated “We decided to pick an organisation from a European perspective that would be trusted, and we thought that would be AssuranceLab. We feel that Australia has a similar cultural feel, and the quality of work is generally considered to be similar in Europe." 

ASSURANCELAB x DRATA

After completing their initial SOC 2 outcome, 3rdRisk started on AssuranceLab’s continuous audit model. This worked well for the team at 3rdRisk as it was clearly defined each month which controls were the main focus.
 
Jelle said that this helped the team “stay focused and consider only what was necessary each month, rather than becoming overwhelmed.”
 
Completing the continuous audit meant that 3rdRisk had completed testing soon after the audit period ended. This meant they achieved their SOC 2 audit within their tight client deadlines.

COMPLIANCE ACROSS CONTINENTS

With 3rdRisk based in Europe, Drata a US-based company and AssuranceLab based in Australia, this audit was conducted across three time zones. With the real-time view in Drata’s platform, 3rdRisk was able to monitor their progress when it suited them.
 
When it came to working with AssuranceLab, the team at 3rdRisk had no concerns about the time difference. The team at AssuranceLab were easy to get a hold of, there was no difficulty booking meetings and the team responded quickly, clearly and comprehensively to audit queries.

RECOMMENDATIONS FOR OTHER COMPANIES

After their SOC 2 audit experience, the team at 3rdRisk would recommend SOC 2 compliance to all SaaS companies, using AssuranceLab as the main audit partner. Jelle highlighted that after achieving their SOC 2 attestation, 3rdRisk has expanded and grown their business significantly. “For us, SOC 2 is the best possible indicator for companies looking at undertaking only one security framework as a starting point.”
 
It should be noted this is not the only security framework, and companies can expand their compliance with ISO 27001.

CONCLUSION

Through the Drata Starter continuous audit program 3rdRisk was able to achieve their SOC 2 compliance to meet tight client deadlines.

Working with Drata as the compliance automation platform, and AssuranceLab as the lead auditors, the audit process ran smoothly and seamlessly.
 
3rdRisk has enabled business growth through its SOC 2 attestation and is an advocate for other SaaS companies to understand their SOC 2 audits.

If you would like to experience the AssuranceLab difference yourself, contact our team: info@assurancelab.com.au