The Company
MeBeBot, the AI Intelligent Assistant for the workplace, earns customer trust through SOC 2 certification
MeBeBot automates employee support for HR, IT, and Operations, using an Intelligent Assistant to drive productivity and personalization for an elevated employee experience. Because answers to frequently asked questions are automated, employees get help and support, 24/7, from mobile or computer devices within tools like Slack, Teams, and via webchat.
Martin La Rosa, the Director of Engineering at MeBeBot, manages DevOps, Product Development, and Security, a set of responsibilities that requires efficient time management.
When La Rosa began spending the bulk of his time completing security questionnaires for MeBeBot’s prospects and customers, he knew it was time to work towards achieving a SOC 2 certification to inspire trust in MeBeBot’s security practices. The only question left was where to start.
The Challenge
Floods of questionnaires showcase gaps in security documentation
“We were getting so many requests from prospects on certifications, questionnaires, and security checklists. Basically, they needed proof of what we were doing for security. We had sound practices in place, but we did not have external-facing documentation to show prospects.”
La Rosa was overwhelmed by the flood of security questionnaires, all of which asked for similar information but had no standard outputs, making it impossible to create an efficient process.
“There was a lot of work involved in answering those questions. This meant a lot of time out of my day and a lot of waiting by our sales team.”
La Rosa understands that it is only natural for customers and prospects to do their due diligence when evaluating a potential partner. He wanted to make this evaluation process simple for MeBeBot’s customers, their sales team, and himself.
“We decided to go for our SOC 2 certification to mitigate the questionnaires and align our internal processes; this decision led me to TrustCloud.”
The Solution
SOC 2 achieved after an “effortless audit”
Once a company decides to work towards a certification like SOC 2, it can be impossible to know where to start. La Rosa and the MeBeBot team went back and forth on whether they really needed a tool to assist in readiness or could do it manually.
“We had a fear of wondering if we should do the audit prep manually versus investing in a tool like TrustCloud, but it was totally worth it. I couldn’t comprehend the amount of work this would have taken if we went the manual route.”
“The onboarding process was very neat, and the support team was amazing; they really held our hand through set up and explained the importance of each piece of the process. TrustCloud itself is really easy to use and is very intuitive, I like how it guides you through the path you have to take.”
After about four months of preparation, the MeBeBot team was ready for their audit. To ensure they were ready, the TrustCloud team ran a “mock audit” for a final check of their program.
“We gave the auditors access to TrustCloud, they looked at our evidence, tests, and policies and it was a breeze for us. The auditors didn’t have any questions for us at all; it was just about 2 weeks of the auditors working and us waiting.”
Three months after their successful SOC 2 Type 1, La Rosa and the MeBeBot team achieved their SOC 2 Type 2 certification only two weeks after their kickoff date.
“During the audits, our productivity was not affected at all. The auditors went into TrustCloud and looked at everything we set up, our tests, controls, and evidence and never really asked anything else of us. We were definitely prepared.”
The Future
Security posture strengthens and additional certifications are on the horizon
For La Rosa and the MeBeBot team, compliance is much more than just a “check-the-box” activity; it’s a living program that requires continuous maintenance and team collaboration to maintain a high level of security.
“The maintenance process with TrustCloud is very simple. This tool doesn’t just help you get to the certification, it constantly tells you where you are and when things need to be revised. It’s just a matter of setting aside time to review your notifications. Everyone has a role to play in security, it’s great that everyone can collaborate in the same tool.”
La Rosa and the MeBeBot team won’t stop at SOC 2; they already have their eyes on additional certifications down the road.
“TrustCloud will support us with future certifications, I’ve actually already looked at the gap analysis that the tool provides to see the difference between our current status and the future certifications we want to pursue. It’s nice to see where we have gaps so we know when we choose to move forward there is not much work left to do.”
With the help of TrustCloud, La Rosa and the MeBeBot team have created a formal security program that inspires trust, achieved their SOC 2 certification, and now have a real-time view that helps monitor and maintain their programs.
“With TrustCloud we were able to set the path for our SOC 2 Type 2 certification and see the current state of the company regarding our security posture. TrustCloud helps you set the path to compliance and guides you after to maintain that level of security.”
“If you’re thinking of going with TrustCloud, just do it! TrustCloud has been amazing for us to work with. Talk to anyone who has done this without a tool and you will see that a tool like TrustCloud is the way to go.”
What TrustAssurance means to MeBeBot
“Trust Assurance means reassuring another party that you’re doing the right thing regarding security and data privacy. There is a lot of trust being put into other companies so they should have a way to show that they can be trusted with your data. Having TrustCloud has helped us prove to prospects and customers that we have the processes set in place to do things the right way and keep things the right way.”
Advice from Martin La Rosa
“Build a team that will support you and understands the importance of security. It’s not just about checking boxes, it’s about protecting your company and your customer’s data—take it seriously.”