Pulling our SOCs up.
Penetration into the US market (and a growing demand in others) means one thing… SOC2 accreditation. This is one of those hydra-type projects. You spin up one project and realise quickly that you’ll need to do at least three more.
These are arguably the most important types of projects in which to get your requirements clear as quickly as possible; the next challenge then becomes the delicate dance between revenue generation and revenue protection.
While SOC2 ultimately covers both, it often inherently depends on changes to critical infrastructure, thereby increasing risk to business operations and existing revenue. This makes project prioritisation, risk management and change management all key to keeping the balance while moving steadily towards the much-coveted accreditation.
From the outset I noticed, in senior stakeholder and town halls, that mixed and inaccurate messages were being sent regarding our estimate towards achieving SOC2; and so my first challenge was making our path from initiation, to SOC2 audit-ready, to ultimately accredited crystal clear.
Engaging with 3rd-party solutions to arrange POCs gave us an edge in being able to dynamically determine gaps in our security posture while also enabling us to measure our progress almost instantaneously. With all of the projects, their respective milestones and success criteria, and estimated completion dates clearly defined, it allowed the teams to align seamlessly and focus on project delivery.