quote icon

"We really want to focus on the things that make us extraordinary in the market that we play in. So being able to have someone like AssuranceLab behind us, to facilitate an outcome around that audit component in the assurance space, particularly for SOC 2, is incredibly helpful.”

Culture Amp’s journey to multi-standard compliance, fast tracked by partnering with AssuranceLab, to achieve 'compliance by design'

Culture Amp is a global leader in employee experience. Follow their transformative journey from startup to scaleup, and learn how achieving SOC 2 and GDPR compliance (with the right audit partner) helped build trust with their customers, and exceed minimum due diligence requirements. 

Culture Amp: a HR unicorn changing the way over 25 million employees across 6,500 companies experience the world of work

By partnering with AssuranceLab, Culture Amp were able to achieve compliance around their unique ways of working, stand out against their competitors, build trust, and foster a culture of compliance by design.

Finding an ideal audit partner who understood SOC 2 controls and could offer a “continuous compliance” approach was key to meeting the requirements of  SOC 2

Experiencing significant growth, and entering the transition phase from startup to scaleup, Culture Amp brought together three senior technology leaders from Technology, Engineering, and Security to guide the organisation’s security practices to maturity. Those leaders were Samm MacLeod, VP Security & Risk, Angela Davis, VP Technology, and Craig Penfold, SVP Product Engineering.

Together, they quickly realised the effort needed to become SOC 2 compliant in order to meet the minimum due diligence requirements of their customers.

Culture Amp kicked off their SOC 2 journey by obtaining an audit report from a traditional audit firm. This gave them some insight into the controls they would need to focus on, but didn't take into account the different ways a SaaS company approaches its ways of working.

Culture Amp then sought out an audit partner that could help them conduct a SOC 2 audit in an agile way, with flexibility to match their ways of working, and where they could embed ‘compliance by design’ to meet SOC 2 obligations.

Initially there were concerns that becoming SOC 2 compliant would be a massive undertaking for the organisation and, at first, project deadlines were pushed out during the search for the right audit partner.

However, there was consensus on the need to prioritise SOC 2 in principle, and widespread agreement that finding an agile audit partner would make the whole initiative achievable within an acceptable time frame. With an Executive and organisation focused on achieving these goals, the search for an agile audit partner commenced…

Realising the power of partnership with a fit-for-purpose audit firm built to cater to fast-growing technology companies with global operations and ambitions

During their search, Culture Amp’s VP of Technology Angela Davis, came across AssuranceLab who seemed to provide the alternative they were looking for. After some initial meetings with the team and learning more about them, AssuranceLab’s origin story resonated with Culture Amp and their recent experiences. 

Coming from a background of Big 4 consultancy, AssuranceLab co-founders witnessed first hand how difficult a one size fits all, traditional, audit approach could be. They were typically created for larger and more traditionally structured organisations, and did not fit well when applied to growing, modern SaaS companies trying to achieve compliance. Out of recognition for this problem and with hopes of solving it, they created their own solution with AssuranceLab.

Having just experienced the problem AssuranceLab was created to solve for, Culture Amp knew they had found a perfect fit and engaged them to achieve their SOC 2 compliance. 

Unlike their initial one size fits all, more traditional, experience, AssuranceLab took the time to understand Culture Amp’s ways of working and explained how their agile and technology-led auditing approach would be customised to suit it.

Culture Amp were provided with a clear map of their journey ahead, from the start. By completing AssuranceLab’s Readiness Assessment as their first step, Culture Amp were able to clearly see where their current controls and processes met the SOC 2 standard and where they had gaps.

Throughout the process, Culture Amp felt supported and well informed. With the guidance of their lead auditor Michael Precious and his team, they were able to understand the intent behind each control.

As they worked towards their SOC 2 Type 1, Culture Amp were able to implement timely improvements as a result of AssuranceLab’s responsiveness and constant feedback loops. At times, they even received video explanations to complicated queries that they could share with wider teams in their organisation.

AssuranceLab exceeded all stakeholder expectations and helped the SOC 2 project team to guide the rest of Culture Amp on the importance of SOC 2 to their business and customers.

Effective collaboration between partners with shared ways of working

Through effective collaboration with an audit partner just as agile and communicative as Culture Amp itself, the partnership helped Culture Amp to not only meet the requirements of SOC 2, but do so in a way that aligned to their ways of working.

As a result, Culture Amp not only achieved SOC 2 Type 1 compliance, but they completed it earlier than their intended deadline.

After achieving their SOC 2 Type 1 and experiencing the AssuranceLab difference, Culture Amp felt confident enough to not only continue on with SOC 2 Type 2, but also engage AssuranceLab to support them with achieving an additional layer of compliance, through a GDPR audit. 

Culture Amp were able to complete GDPR in addition to their pre-planned SOC 2 Type 2 audit with ease and receive an efficiency gain, thanks to AssuranceLab’s blended audit approach. In it, any overlap between standards is removed, allowing Culture Amp to undertake a single audit (as planned) but emerge with multi-standard compliance.

Samm MacLeod is a huge supporter of AssuranceLab’s blended audit offering in the way it streamlines compliance while lightening the load of the teams involved. 

Samm highlighted how it allows Culture Amp “to keep [their] cost base low” while seeking to achieve multiple compliance outcomes for their customers. With this added level of security compliance, Culture Amp would no longer just be meeting the minimum standards of their clients' due diligence, but exceeding them and, with that, standing out against their competitors. 

She went on to state “we're trying to achieve big outcomes with a limited amount of resources. We really want to focus on the things that make us extraordinary in the market that we play in. So being able to have someone like AssuranceLab behind us, to facilitate an outcome around that audit component in the assurance space, particularly for SOC 2, is incredibly helpful”.

Strong foundations for continued collaboration and growth built on a culture of compliance by design

The collaboration between Culture Amp and AssuranceLab demonstrates the value of a strategic compliance approach. By selecting the right partner, streamlining audits, and maintaining clear communication, Culture Amp achieved SOC 2 and GDPR compliance which resulted in:

  • Increased trust with their clients
  • Standing out against their competitors
  • Fostering a culture of compliance by design 

Their journey serves as an example of how organisations can navigate complex compliance requirements efficiently by partnering with AssuranceLab to reap the benefits of agile and technology led audits, that are customised to fit growing, modern SaaS organisations.


Get started your way

We’re ready when you are
If you’re ready for a no-obligation discussion on your compliance needs and goals, our friendly team will be happy to take your call.