CASE STUDY
ÉTUDE DE CAS
How Ashby (YC W19) automated SOC 2 and scaled their business with Vanta
By automating evidence gathering and compliance monitoring for SOC 2, Ashby saves an estimated 4-8 hours per week—allowing them to focus on other essential security tasks and deflect security questionnaires.
With SOC 2 in place, Ashby was able to demonstrate trust with security-conscious customers and move into the enterprise segment, enabling them to win more large deals
With Vanta in place, Ashby can win new customers and assure existing ones that their data is secure—helping Ashby improve the customer experience and grow into new markets.
“Vanta helps us make sure our controls are in place and working well. This is essential not just for the sake of SOC 2, but for the sake of Ashby protecting our customers and demonstrating our strong security posture.”
The company
All-in-one recruiting software for ambitious teams
Ashby offers a modern, all-in-one recruiting platform that helps companies manage their hiring processes. Founded in 2018, Ashby joined Y Combinator as part of their W19 batch, and emerged out of stealth soon after. They’re growing rapidly as they continue to attract enterprises and startups alike. As of 2024, Ashby’s team has nearly doubled—with over 170 employees serving almost 2,000 customers.
To continue their expansion into the enterprise segment, Ashby wanted to make sure their security and compliance approach was as comprehensive as possible. After all, the platform handles sensitive data, including calendar information, email information, compensation, and other confidential details that need to be protected.
The challenge
Manual processes coupled with increasing requirements
From the start, Ashby’s co-founders, Benjamin Encz and Abhik Pramanik, knew that they would need to prioritize security and compliance to grow the business. However, they had never been through the compliance process before. Before purchasing Vanta, the Ashby team relied on spreadsheets to check compliance requirements, which was time-consuming and increased the likelihood of human error. They’d heard that collecting evidence for an audit was a tedious process that would slow down their goals for ambitious growth, so they sought a solution that would make it more efficient.
“The Y Combinator community raved about Vanta, and the idea of having software do a lot of the work for us was very appealing,” said Benjamin. They decided to sign with Vanta in 2020 after learning that they’d get guidance on how to be audit-ready quickly, as well as introductions to auditors who were familiar with startups like theirs.
After going through their first few SOC 2 audit cycles with Vanta, Ashby’s founders knew that in order to fuel further growth, they needed to invest in a dedicated security and compliance function. That’s when they brought on Frank Weigel as their Head of Security & IT in 2024. The combination of market demands and growth velocity signaled that it was the right time to have a dedicated expert.
Frank knew that as Ashby expanded into the enterprise market, they needed to maintain their SOC 2 attestation and continue to use the security solutions that Vanta provided to build trust and credibility. Not only that, but Ashby had expanded into the European market, which requires additional frameworks.
The solution
Automated compliance and centralized security management
With the help of Vanta, Frank kicked off Ashby’s yearly SOC 2 compliance process soon after joining Ashby. Vanta’s automated evidence gathering and centralized dashboard made it easy for Frank to monitor and maintain compliance controls—all without relying on spreadsheets. And with Vanta’s continuous monitoring capabilities, Frank had real-time visibility into compliance risks so that Ashby stayed compliant between audit cycles—meaning there was little work involved to become audit-ready.
To simplify the audit process, Ashby took advantage of Vanta’s partnership with BARR Advisory, a well-regarded auditor. By giving BARR direct access to compliance data through Vanta, Frank was able to reduce the manual workload typically required during audit preparation. This integration helped streamline the auditing process, making it possible for Ashby to complete its most recent SOC 2 audit in just six weeks.
{{quote-2}}
Vanta helped make the security questionnaire process more efficient as well. “Having SOC 2 compliance deflects some of the security questionnaires we get, as it’s a known and expected standard for many companies,” said Frank. “This saves me a fair amount of time.”
The impact
Improved security and compliance processes
By implementing Vanta, Ashby significantly improved its security and compliance processes, leading to streamlined operations, increased efficiency, and strategic growth.
Vanta’s automation saves Frank an estimated 4-8 hours per week, allowing him to focus on other essential security tasks. This efficiency also accelerated audit preparation, allowing Ashby to complete its most recent SOC 2 audit with BARR Advisory in just six weeks.
SOC 2 certification became a key differentiator, helping Ashby close deals with enterprise clients that require rigorous security compliance while also reassuring existing customers of its strong security posture.
Additionally, Vanta’s continuous monitoring provided ongoing visibility into compliance risks, allowing Ashby to proactively address security gaps and maintain compliance across multiple frameworks.
With Vanta’s automated compliance solution, Ashby is strategically positioned to expand into new markets by implementing additional frameworks, including Europe, where compliance requirements such as ISO 27001 might become necessary.
{{quote-3}}
“Vanta provided guidance on not only setting up the software, but the SOC 2 process itself. They also introduced us to their network of auditors.”
“Without Vanta, I would’ve had to conduct manual audits, wasting a lot of time. Vanta saved me about 4-8 hours per week.”
.png)
.png)
.png)