Free SOC 2 Readiness with Sravish Sridhar & Gary Chan

Sravish Sridhar

15 Dec 2022

On today’s episode of Behind the Kite, Sravish Sridhar and Gary Chan discuss TrustCloud’s Free SOC 2 Readiness Program for Startups.

Why is TrustCloud offering SOC 2 software for free?

That’s a great question, Gary. I’ve always felt like if you’re a B2B SaaS startup, selling to the enterprise, SOC 2 is a requirement. You cannot sell to enterprises if you don’t have SOC 2 compliance in the US. And so if Google Analytics can be free and if various other tools can be free to help build your product, I think it should be a birthright that SOC 2 readiness should also be for free. Too many companies have made too much money taking advantage of startups. We’re going into a bad economy, people are cutting budget, but they still need to grow. And I think it’s a gross injustice that people are charging crazy amounts of money for SOC 2 readiness. It’s the right thing to do. As a founder, I think we need to do this for every other founder in the world. Therefore, TrustCloud is offering free SOC 2 readiness for any startup in the world.

Why do you think we haven’t seen free compliance software yet?

We haven’t seen free compliance software because there are too many people who want to make too much money with compliance. Consultants want to make money. Software startups that want billion-dollar valuations want to make money, and it’s just too hard to know how to become SOC 2 compliant, and everyone’s taken advantage of this. Furthermore, it’s really hard to do. Building a free self-service product in an area as complicated as compliance is a really hard task. That’s why no one’s really attempted it. And I’m really proud that TrustCloud is the first company to offer this to every startup in the world.

It’s about time that this evolution has happened. Compliance has been an industry that really hasn’t changed for years and years. People are struggling with documents and questionnaires and information request lists and all sorts of nonsense, which makes SOC 2 just a pain for any company to pursue. In fact, if you talk to any startup and go to their product team and say, “We need to achieve SOC 2 compliance,” they’ll immediately push back because they think it’s going to affect their product roadmap, and the CEO is going to push back because it’s going to cost money. And I don’t think something that is so important to drive sales should be seen as something that is going to impede your roadmap or seen as something that’s expensive and therefore you shouldn’t do. So I think the right thing to do is to offer this for free and make it self-service and make it easy and effortless so that every startup feels like they can just flip a switch and in a period of a few weeks they can get ready for a successful audit.

Who’s eligible for TrustCloud’s startup program?

We’ve designed a starter package for any startup in the world that is less than 20 people in size. And for that package we give them three things:

  1. Free access to get ready for SOC 2 and NIST-CSF. SOC 2 being a US standard that is focused on achieving an attestation. NIST-CSF being a government standard that is security based.
  2. Access to an application called TrustShare, which allows them to publish a portal to share their compliance with their enterprise customers, as well as use AI to answer security questionnaires.
  3. A risk register, which is a requirement for SOC 2. But the difference is it’s an automated risk register so they don’t have to do the work to maintain, track and manage their risks.

SOC 2 readiness, answering security questionnaires and managing risks. All for free for any startup with less than 50 people.
