Accord Builds a Foundation for World-Class SaaS Security with SOC 2 Partner VGS

Case Study Summary

Client

Accord helps B2B sales teams move from vendorship → partnership. Its customer collaboration platform is built for high-growth sales leaders who need to hit scaling revenue targets and build a repeatable process. Accord ensures revenue teams are reinforcing a predictable sales motion that customers actually engage with and reps love to use.

Wayne Pan
Co-founder & CTO

Region

United States

Industries

SaaS, Sales, Software

Goal

Build a scalable, world-class SaaS company with security as a competitive differentiator.

Challenge

Finding a partner to help them understand SOC 2 compliance requirements, achieve SOC 2 certification quickly, and scale their compliance capabilities as the company grows.

Solution

VGS Control Compliance for SOC 2

Result

With VGS, Accord was able to prioritize security controls that would help them meet SOC 2 certification. Going through SOC 2 certification has allowed Accord to go upmarket and differentiate the company from 100% of its competitors.

Background

Accord is a SaaS start-up with big plans and the executive talent to see those plans to fruition. Co-founders Ross Rich, CEO, Ryan Rich, CPO, and Wayne Pan, CTO, have backgrounds at Stripe, Google, and LinkedIn, respectively. Aside from backgrounds at these leading tech companies, the team also went through Y Combinator, an acclaimed start-up accelerator program, with Accord. Now, as a growing company, Accord leaders are using their experience at world-class organizations to build their own business and tech stack based on best practices they’ve learned.

Challenge

“We are a world-class engineering team and a world-class company. From a security standpoint, that drove a lot of our urgency.” Wayne Pan, Co-founder & CTO

Accord is a company that believes success comes from good planning. Their CTO, Wayne Pan, felt the intense responsibility of security during his time as Director of Engineering at LinkedIn and saw how important it is to be a security-first SaaS company. Since Accord manages their customers’ data and their customers’ customers’ data, the responsibility for securing information was even more urgent.

In addition, some of Accord’s early customers required time-consuming (or tedious) information security reviews to demonstrate that their information would be kept safe. “That is definitely not a fun process if you don't have everything sorted. Coming up with resourcing when you're working on a bigger project can be tricky,” said Ryan Rich, Co-founder & CPO. The team knew that investing in improving the company’s security posture would take them from being reactive to proactive.

The team decided to start with SOC 2 as a clear and consistent way to demonstrate their security posture and began looking for a partner that could help them understand what it would take for Accord to become SOC 2-compliant. As a small team, they needed a partner that could help them get to SOC 2 compliance quickly, as well as help them scale their security and compliance capabilities.

“We want to be a world-class engineering team and a world-class company. From a security standpoint, that drove a lot of our urgency.”

Wayne Pan
Co-founder & CTO

Solution

SOC 2 Education

The Accord team evaluated several vendors while searching for a partner who could guide them through the SOC 2 process. In the end, they decided VGS was the right partner and the team was the best fit. “Our team definitely knows about security. But, is everyone on our team a SOC 2 expert? No. One of the benefits is that after going through this process and working with VGS, we understand SOC 2 so much better and can really speak to it with our prospects’ security teams.”

VGS Platform and Partners

Accord is currently going through the auditing process with VGS partner Armanino (one of the top 25 largest independent accounting and business consulting firms in the United States), certifying three out of five of the Trust Services Criteria. The team is enjoying the ‘go at your own pace’ nature of the VGS Control Compliance platform. The ability to store attestation evidence directly in the Accord Control account makes it easily accessible to their team and Armanino. This allows real-time collaboration and saves time by letting Armanino auditors comment on, accept, or reject evidence using VGS’ application messaging tool, effectively eliminating any need for Accord to mass upload files to their auditor.

The team is currently halfway through the audit process and is expecting their gap report next week, where they’ll find what they have to do to round out the audit process.

Results

“0% of our competitors have SOC 2, and I'm not even sure it's on their radar. It's a huge competitive differentiator.” Ross Rich, Co-founder & CEO

Accord’s CEO Ross Rich gives Wayne and his engineering team credit for setting up an excellent security posture upfront. But nothing beats external validation. Ross says, “It’s just a different story when you can say to customers, ‘We have a great engineering and product team, and they take data very seriously. But don’t just take our word for it.’ And point to your SOC 2 work. It gives our customer-facing team a lot more confidence.”

Security Prioritization

Though the team was building based on security best practices already, working with VGS helped them prioritize their long list of tasks. Wayne said, “There were a number of best practices we knew we’d want to implement as we grew, things you have to take into consideration for customer data and security. Working through SOC 2 compliance with VGS and using VGS Control for our SOC 2 solution helped clarify which ones we should bring further up the list, and which could potentially wait. Prioritization is always critical for growing teams.”

Establish Credibility and Trust

With aggressive growth plans, Accord realized they would not be able to go upmarket successfully without SOC 2 certification. The fact that Accord is already well into the SOC 2 certification process, particularly at its relatively early stage, makes prospective customers sit up and take them seriously. Ross shared, “Suddenly security becomes a non-issue, which is so nice; we don't want to or now have to spend time discussing security when we want to be talking about the value we're going to be able to provide our partners with our core solution. It's nice having that level of trust established right away, especially for such an early stage company like ours.”
