The company
Zasio has delivered records-management software, consulting, and information governance expertise to global organizations since 1987. Headquartered in Boise, Idaho, Zasio helps companies manage data retention, privacy, and compliance across complex environments so they’re no strangers to compliance and must prove rigorous security to hundreds of customers worldwide.
Vice President of Technology & Product Development Warren Bean leads the security program and wears many hats, from software development to cybersecurity oversight.
- 25 years at Zasio, Warren guides technical strategy and SOC 2 readiness.
- Customers span highly regulated industries that demand proof of Zasio’s security posture.
“TrustCloud has become our one-stop shop for everything related to SOC 2”
Warren Bean
The challenge
Managing evidence, policies, and vendor risk through spreadsheets or with a costly, inflexible platform was unsustainable. Zasio’s first compliance tool lacked Azure automation and unexpectedly raised prices by 50 percent at renewal. To ease the burden of on-going SOC 2 compliance, Zasio…
- Needed reliable reminders for monthly, quarterly, and annual evidence collection.
- Sought deeper automation in Microsoft Azure to reduce manual work.
- Required a transparent way to share controls with auditors and customers.
“If we tried to do this in spreadsheets, we’d be chasing evidence everywhere”
Warren Bean
The Solution
TrustCloud Compliance, TrustShare, and the Risk Register were live within weeks, giving Zasio a unified security command center.
- Compliance Automation: Evidence tasks scheduled by frequency; auto-tests pull data directly from Azure.
- Risk Register: Top threats and scores entered after an annual workshop, keeping leadership aligned.
- TrustShare: Auditors and customers view real-time policies and controls without the need for back-and-forth emails.
“It’s the central place where I know exactly where to go to handle SOC 2”
Warren Bean
Results
TrustCloud cut preparation time, reduced the risk of missed evidence, and strengthened customer confidence.
- 40+ automated controls reduce the number of manual screenshots required each month.
- Audit preparation time is reduced from weeks to days; auditors can self-serve in TrustShare cutting significant back-and-forth time and needed resources.
- Sales cycle friction decreases as prospects can instantly review Zasio’s security posture, eliminating the need for meetings and presentations.
- TrustShare lets customers more easily conduct vendor assessments.
“Prospects and customers love the portal. When they send a questionnaire, we simply reply, ‘You’ll find that in TrustCloud“
Warren Bean
Looking Ahead
With SOC 2 on autopilot, Zasio is turning its attention to AI governance and enhanced vendor oversight, both areas that TrustCloud can support.
- Internal AI policy and impact assessment already uploaded to TrustShare for transparency.
- Third-party lists are housed in TrustCloud, with annual reviews logged alongside risk scores.
- Exploring continuous monitoring features to scale security without adding headcount.
“AI governance is just another facet of information governance, and TrustCloud helps us present it clearly to customers”
Warren Bean
