With Citadel, AssuranceLab achieved SOC 2, migrated, and launched a new platform
Paul Wenham, Co-founder & CEO at AssuranceLab:
“Using Citadel allowed us to focus on building our product, while the important AWS infrastructure part was handled for us to achieve the state of security and compliance that's critical to our goals for our new platform, Pillar.”
About:
AssuranceLab is a certified B-Corp audit firm and an award-winning Regtech software company that supports other software companies’ global compliance. AssuranceLab and their in-house platform, Pillar, covers SOC 1, SOC 2, ISO 27001, HIPAA, CSA STAR, GDPR, CCPA, the Consumer Data Right, and ESG Reporting. These standards are seamlessly combined into a single agile and collaborative audit process that saves time, cost and business disruption, while building trust to win new customers and enable their growth.
Compliance is a data problem. AssuranceLab’s software – hosted in a no-code platform – translates the operation of each unique business into data points to connect to all the different compliance standards. This enables audits and compliance in a way that fits with a customer’s needs, with a single compliance program, a simple audit process, and flexibility to adapt to the constantly changing global compliance landscape. In 2022, AssuranceLab built their new platform, Pillar, to up their service to better serve their 160+ customers over 12 countries and accelerate their own global growth.
The Challenge:
The challenge for AssuranceLab is ensuring that Pillar is trustworthy, secure and compliant with standards. However, AssuranceLab’s engineers need to focus on what they are best at – building great product features, not managing their AWS infrastructure. Furthermore, high quality DevOps engineers are expensive, hard to find, and a full-time role is overkill in the early stages of launching a product, so leveraging Citadel's leading automated solution made sense for AssuranceLab.
The Solution:
Over the customer onboarding process, the need for AssuranceLab’s AWS cloud infrastructure to become compliant with the SOC 2 standard was discussed and decided upon. Customers require different standards based on their needs.
Next, Citadel was linked to AssuranceLab’s AWS Management Account, followed by the creation of ‘Log Archive’ and ‘Audit’ accounts, adhering to the AWS Well-Architected Framework. AssuranceLab also requested an AWS control tower to be installed.
After this, Citadel deployed infrastructure into the newly created accounts to provide a security and governance layer for features and services like GuardDuty, Cloudtrail, SecurityHub, etc. This layer is also used during the external auditing process to meet accreditation guidelines, such as for our desired SOC 2.
For future proofing, AssuranceLab’s installed AWS infrastructure will automatically stay up to date and be co-managed by Citadel and AssuranceLab via our smart automation platform.
With the Citadel setup complete, the project was free to move to the next step – the migration of the Pillar platform to this highly secure and compliant environment. Exactly what AssuranceLab wanted.
Reflection:
AssuranceLab needed and received highly secure, audit-ready AWS cloud infrastructure based on the AWS Well-Architected Framework and native-cloud concepts, and Pillar is now more trustworthy than before.
Citadel successfully delivered another solution while testing and improving their expertise and Software as a Service solution.