CASE STUDY
How CoachHub optimised their security team's time with Vanta for game-changing efficiency
CoachHub uses Vanta to maintain SOC 2 Type 2 while saving time on security questionnaires, meaning more time to focus on critical security work.
With SOC 2 Type 2 in place, CoachHub’s clients are assured that their confidential data is in safe hands.
Vanta integrates seamlessly with CoachHub’s existing tools, allowing for a high degree of automated compliance and continuous monitoring.
“We see a huge cost difference when we compare Vanta with the traditional audit process. We’re also considerably saving time. Without Vanta, we’d be looking at hiring another person to just handle all the work that an audit and its preparation creates.”
The company
Bringing career coaching to the worldwide workplace
Founded in Berlin in 2018, CoachHub is on a mission to make coaching available for everyone, regardless of their career level or location. With their AI-enabled technology platform, they help organisations create personalised, measurable, and scalable coaching programmes for their entire workforce.
CoachHub takes a scientific, holistic approach to coaching that facilitates individual, collective, and organisational transformation. Benefits include increased employee engagement and retention, higher levels of productivity, and improved job performance.
CoachHub’s network of over 3,500 certified business coaches in 90 countries provides coaching in 60 languages. They have amassed more than 1,000 enterprise-level clients around the world and raised $330M in funding to date.
The challenge
Keeping confidence: establishing the highest level of data security
The nature of CoachHub’s business means that their data security practices must be strong. Both their clients and their clients’ employees rely on data security to use CoachHub’s platform, says Willem Riehl, Director of Information Security and Acting CISO at CoachHub.
“Conversations that happen on our platform between coach and coachee are always private, and nothing is recorded. For example, a C-level executive’s coaching session can touch not only on their leadership style, but also on their business strategy. It’s therefore vital that our customers trust us completely, and we want to maintain the highest standard of security.”
As the company grew, prospective clients sought more and more assurances around CoachHub’s security compliance. Their small security team of two was being inundated by security questionnaires, which were time-consuming and repetitive.
“The bigger the client, the more customised their expectations, and nobody enjoys spending time on a 200-question long, elaborate questionnaire,” explains Willem. “It can feel overwhelming when you have a small team and you're trying to gradually raise the security level of your company but your resources need to be stretched by filling out questionnaires.”
No matter how detailed the questionnaire, it soon emerged that prospective customers wanted concrete proof that CoachHub’s security standards were beyond reproach.
The solution
From a protracted traditional audit process to a unified platform
A couple of years ago, CoachHub achieved their ISO 27001 certification. At the time, it was the security certification that prospects mentioned most often. Willem managed much of the ISO 27001 process, which meant that he had to handle a considerable amount of work alone.
CoachHub increased employee numbers from under 200 to over 400 within a year, and they set their sights on the US market, where SOC 2 was the framework of choice.
Initially, they decided to just get SOC 2 Type 1, which provides a snapshot of an organisation’s internal security controls at a specific point in time. This time, they used a large accounting firm to compile the report, and Willem was responsible for helping them through the audit process.
“They had a mountain of questions, which required a whole lot of detailed evidence gathering on my part. I was organising resources, mobilising everyone to supply answers; it took me months.”
The process was both time-consuming and resource-intensive. Willem knew that if CoachHub was to get SOC 2 Type 2, which assesses how well security controls are working on a continuous basis, they would need to try something new.
“We started thinking about how we could do it in a more automated way, so the auditor could see that we were already 80 or 90% of the way there. We wanted to cut out a lot of the back and forth.”
CoachHub began looking for a trust management platform that would meet their needs. They assessed a number of providers, but Vanta soon emerged as the frontrunner.
“It had all the features we needed, and the Vanta team were really warm and professional,” says Willem. “They showed us all the great things that the platform could do for us, and didn’t aggressively try to sell it. It was a more human process; they gave us the space to make that important decision for ourselves.”
“Our relationship with Vanta goes beyond just the platform. We have found people who we work well with, who are invested in making things go smoothly for us.”
The impact
Saving costs, time, and effort and doubling down on security
CoachHub started using Vanta with the aim of becoming 100% prepared for their SOC 2 Type 2 audit.
With 300 integrations and counting, Vanta worked seamlessly with CoachHub’s existing tools, such as AWS, Workday, Google Workspace, GitHub, and Jira. This allowed the company to drive a high level of automated compliance and continually monitor and test their security controls. Vanta also made it easier to mobilise CoachHub’s teams. Automated reminders prompted employees to complete their required security tasks or resolve tests, saving time and effort on all sides.
CoachHub established, implemented, and tested the necessary security controls, and within five months they were ready to start their three-month-long audit process. With the Vanta Seamless Audit solution, they could select an independent SOC 2 auditor who was already familiar with the platform.
“The auditor was very knowledgeable and supportive throughout. They helped us to smoothly approach the audit period by giving us an indication as to what would be important for us to obtain our ready-state – things like making sure to resolve tests on time so that we were compliant with our determined SLAs,” explains Willem.
“Using Vanta helps us to connect the dots on security and saves us both time and money. If you were to try and recreate a platform like it with a ticketing tool, you would spend months just producing the automations, and then you would still have to gather evidence and run around after people, giving them access, assigning tasks, and reminding them about what they need to do,” says Willem.
CoachHub is committed to maintaining a continual state of security readiness. With Vanta, they have been able to automate much of the work that goes into getting SOC 2, giving them more time to elevate their overall security programme.
“We want to grant our ISO 27001 auditors access to our Vanta instance as well. We want to make things easier for them and free up their time to dig deeper into our controls. They may be able to discover things that we could be working on, allowing us to really dive into the evidence and take concrete and impactful action,” says Willem.
“In the end, Vanta was and remains the perfect partner to allow us to achieve SOC 2 Type 2 according to typical CoachHub style: record speed, high quality, and efficient resources.”
“Security questionnaires were one of our biggest pain points. Your day is taken up by describing that you are secure enough, and you don't have time to spend building the actual security.”
“We knew that simply hiring another person and dumping SOC 2 Type 2 into their lap wouldn’t work. It’s surely not anyone’s dream job anyway, running around after people to gather evidence constantly!”