How BigSpring built a compliance program that wins deals with the tech giants

Company: BigSpring

Location: San Francisco, CA

Going into our first audit our confidence was very high… Our second audit was even easier. If I had to quantify it, I would say we probably spent 80% less time and effort on the renewal audit.

Yin L. Yin
Sr. Director of Revenue and Customer Growth

The Company

BigSpring, an intelligent enablement software, needs a compliance program that supports their revenue efforts

BigSpring is the practice platform that ensures teams and partners are revenue-ready, at pace with your innovation. BigSpring powers companies like Google Cloud, Pfizer, and HSBC to update their people just like they update their software—making it possible to deliver skills at scale with measurable results.

Yin L. Yin devotes her time to building strong relationships with BigSpring’s customers and ensuring they are successful over time. In addition to equipping customers to grow, Yin owns the SOC 2 effort for BigSpring.

“My background is in consulting, so bringing order to chaos is in my skill set. Part of customer success is helping to enable the sales team which can include some InfoSec needs.

The Challenge

Building a Big Tech-worthy program with a startup budget

Yin and the BigSpring team had created a solution that helped major organizations easily enable their dispersed teams. But, doing business with enterprise-level clients comes with its complexities.

“We deal with a lot of very large companies with very detailed processes in highly regulated industries of their own which of course adds an additional layer of complexity. We needed things that lend us credibility despite our size.”

“It got to the point where the question came up if we had a SOC 2 and we couldn’t say yes yet. Achieving SOC 2 was very much a go-to-market strategy for us to shrink the sales cycle.”

Yin and her team knew SOC 2 was a critical component of their go-to-market plan, so figuring out where to start was their next challenge.

The Solution

Finding the platform to achieve their certification

In 2022, BigSpring began their partnership with TrustCloud to work towards preparing for SOC 2 for the first time.

“The onboarding with TrustCloud was very straightforward, I feel like our companies have a similar style—hustle and focus on the customer. We had weekly check-in meetings and I felt like the team was quite good at helping us stay on track.”

“Our trust specialist was able to share advice and guidance on best practices. Our entire team was going through this process for the first time so it was very helpful.”

Because it was their first time, Yin and the team decided to work with one of TrustCloud’s in-house compliance directors to ensure they were ready for their audit.

“Going into the audit our confidence was very high. We had gone through everything and we were ready to go. Because it was our first time, we had a trial audit with TrustCloud’s compliance director—Satya was in our check-in leading up to the audit and scrutinized everything on our behalf in advance. There was nothing I was worried about. In fact, just so you know how confident I was, the start of our first audit coincided with my due date. I wanted to go on maternity leave knowing everything was in place and that was the case! No one said anything about SOC 2 the entire time I was on leave. We got our report and everything went very smoothly.”

Maintaining certifications isn’t a “one-and-done” type exercise, it has to be completed continuously but that doesn’t mean it shouldn’t be a lighter lift.

“For our first audit, there were 5 of us involved quite intensively for about 3 months. For our renewal audit, there were only two of us and we had everything ready in one month. It was much much easier the second time around. If I were to quantify it, this time around we probably spent 80% less time and effort than we did on the first audit.”

The Future

Expanding into new markets with confidence

With multiple SOC 2 certifications, Yin and the BigSpring team continue to grow their number of enterprise clients. Now, they want to expand into new environments, always keeping security and privacy at the forefront of their go-to-market strategy.

“Historically we’ve focused on doing business with US and Asian enterprises. Now, we’re in conversation with quite a few European companies, as well, which is an entirely new ballgame. We’re working on getting ahead of the evolving requirements to serve this market.”

With a dedication to the success and security of their customers and TrustCloud as their partner, BigSpring is equipped to continue to scale up the market.

What Trust Assurance Means to BigSpring:

“Trust Assurance is a good description for the TrustCloud product, it’s the peace of mind that you’re good to go for your audit and maintaining a secure environment.”

Advice from Yin Yin

“If I were to give advice to someone just starting their SOC 2 journey, I would say purchase software. Trying to recreate this manually is not worth your time, you need something that will be your single source of truth and has some automation in it to keep you organized and make your next audits less painful. TrustCloud is that single source of truth for us.”