CASE STUDY
ÉTUDE DE CAS
AI Insurance preps for SOC 2 in one week and accelerates expansion
Vanta provides clear guidance on how to get and stay compliant with support teams and simple checklists.
Vanta’s team of customer support experts helped AI Insurance with security questionnaires, onboarding, and system integrations.
Vanta's platform provides a single source of truth for adding HIPAA to the company’s expanding compliance program.
“We set up Vanta and got everything green in a weekend. We got all those boxes checked with confidence."
The company
An automated solution for SMB insurance companies
Founded in 2018, AI Insurance began as a machine learning algorithm designed to predict the cost of insurance claims, specifically for medical malpractice. But while developing that technology, AI Insurance Founder and CEO Cameron MacArthur stumbled on an opportunity that took the product in a different direction.
“I realized that AI is great, but these companies could cut significant costs just by getting on the internet,” Cameron says. Roughly 10,000 SMB insurance companies are still using manual processes and tools like paper and pen, file cabinets, and spreadsheets. “We’re talking gigayte-size spreadsheets that take minutes to open,” Cameron says. To address this gap in the market, Cameron created AI Insurance—a top-down software solution that helps SMB insurance companies manage their business.
AI Insurance is a Y Combinator company at seed stage. Now that the company has found a market fit, it will soon get back to its original intention—artificial intelligence. “Starting in 2023, we're going to be rolling out some of our first machine learning predictions to our earliest customers,” Cameron says.
The challenge
Gaining a foothold with industry prospects
From the beginning, it was clear that AI Insurance would need SOC 2 compliance as early as possible in order to garner trust from insurance companies. “Because our platform basically runs an entire insurance company, we needed to be able to prove our security standards,” Cameron says.
A strong security and compliance program prompts customers to feel confident using AI Insurance’s product. Providing a SOC 2 report makes the decision easier for prospects. “We had a couple large customers send security questionnaires that were basically all SOC 2 questions,” Cameron says. “They didn’t explicitly say we needed SOC 2 but it was clear we needed it.”
But there was another compliance need outside of SOC 2. Quite a few AI Insurance customers are medical malpractice insurance companies. That means that the company handles, stores, and manages large amounts of personal health information. The handling of such sensitive data was enough for AI Insurance to officially pursue HIPAA. “We wanted to not just meet, but exceed, the security standards our customers are held to.”
The solution
Demonstration of trust through SOC 2 and HIPAA
After speaking with peers and researching online forums, AI Insurance decided to partner with Vanta—another Y Combinator company. “As a founder, I want to turn over every compliance and security stone to know that we’re doing everything we possibly can,” Cameron says. “Vanta was a great way to do that.”
Early in the partnership, AI Insurance leaned on the Vanta customer support team to prepare for a dense security questionnaire. “Vanta was legendary—we got white glove treatment.” The support team also helped AI Insurance integrate the Vanta platform into the company’s infrastructure. “We set up Vanta and got everything green in a weekend. We got all those boxes checked with confidence,” says Cameron.
AI Insurance also wanted a partner that could provide a clear path to compliance, especially for HIPAA. “If you go ask someone what you need to be HIPAA-compliant, everyone’s got different opinions and answers,” Cameron says. “The Vanta platform gave me a checklist and clear guidelines to follow. It’s nice to have a third party relentlessly auditing us.”
The impact
Growth enablement, new markets, and scalable compliance
After Vanta matched AI Insurance with an auditor, the company enjoyed a quick, painless SOC 2 audit. After a little more than a week, the company was well-prepared for the audit process. Vanta’s platform enables AI Insurance to easily maintain security and compliance, especially as the company grows and pursues new goals. High-level alerts notify the company when things need attention. Remediation is as simple as clicking a button.
“Vanta is really, really good at the core things you need it to be good at. It clearly shows you what’s wrong and how to fix it,” Cameron says. Anytime something needs attention, Vanta quickly sends notifications and alerts directly to email. Respondents can then create tickets to individual team members to complete action items.
With a proven product and strong market fit, AI Insurance is now focusing on the “AI-side of things,” Cameron says. In addition to releasing different aspects of their product, the company is centered on expansion and growth. AI Insurance will explore GDPR as a way to level-up security and prepare for a new phase of growth. “100 customers is a drop in the bucket when there’s 10,000 small insurance companies,” Cameron says.