CASE STUDY
Flossie saves time while building trust with Vanta
At each step of the way, Vanta provided Flossie with the security and compliance expertise needed to obtain its SOC 2.
Robust automation for policies and documents has saved Flossie countless hours in manual tasks.
Flossie can now provide potential partners with immediate assurance of its security compliance.
“As an entirely cloud-based software company, we've found Vanta to be an excellent compliance solution due to its robust and reliable integrations—a critical requirement for cloud-based infrastructure.”
The company
Pioneering the e-commerce of hair services
Flossie is a trusted conduit connecting professional haircare brands to their salon network data. By integrating with existing salon booking and POS software, Flossie enables brands to offer seamless click-to-book experiences. The company offers bespoke products for data utilization, such as custom booking sites and automated salon locator tools.
Flossie operates globally, with core markets in North America, Australia, the UK, and Europe. The company partners with leading haircare brands who use Flossie’s technology to power its branded booking site, helping to modernize the professional hair services industry and boost salon performance.
Founded in 2012, Flossie pioneered the “e-commerce of hair services,” revolutionizing how hair and beauty appointments were sold, booked, and managed across hundreds of salons in New Zealand and Australia. They created a way to merchandise and promote hair services to attract salon customers—something that previously had never been considered in the category.
As the business grew, the underlying technology became more sophisticated, capable of connecting with any salon software system. This minimized administrative tasks for salons on Flossie’s platform, automatically syncing appointments with existing salon software. This innovation laid the foundation for addressing another significant market gap.
The challenge
Arduous tasks and wasted time on repetitive security reviews
With extensive industry experience, Flossie’s founders were approached by professional haircare brands struggling to track and aggregate data from their extensive salon networks, leaving them unaware of who was actually using their products.
Despite spending millions on promoting salon partners via social media, brands had no way to convert this marketing into bookings. The gap between brand creativity and salon appointments was evident, with no easy way for customers to transition from seeing a look to booking an appointment.
By seamlessly connecting haircare brands with their valuable data, Flossie transformed this key business area for salons across the globe.
In the early stages of partnering with the largest multinational haircare brands in the world, Flossie’s vendor onboarding and security took a lengthy 12-24 months.
Without a mature security compliance framework in place such as SOC 2 Type 2, the process required independent security reviews, resulting in duplicate work and wasted time.
The solution
A hassle-free approach to compliance
Recognising the need for a robust compliance platform, Flossie began shopping around to find a software partner that met their numerous requirements—which included targeted automation, fit-for-purpose integrations, local support (i.e. having a CSM in their timezone), and the ability to manage custom policies.
After researching multiple providers across Australia, the US, and New Zealand, Flossie ultimately decided that Vanta’s solution was the best match for their complex and specific organizational needs.
As Cath Carlsen, COO of Flossie, explains, the company relied on Vanta to help it understand exactly what was required to obtain its SOC 2: “After integrating all our systems, we got Vanta to then ‘tell us what we needed to do’ so we could identify what the rest of the gaps were”.
Being able to draw on Vanta’s extensive expertise and guidance proved hugely valuable, allowing Flossie to leverage the platform’s pre-existing template layouts to enhance its existing documentation.
“Vanta allowed us to easily ‘tick off’ all our actions to get us to a pre-audit state, then identify all the big gaps we needed to fill.” - Cath Carlsen, Chief Operating Officer, Flossie
Partnering with Vanta enabled Flossie to satisfy all its crucial requirements, while also overcoming particular obstacles and pain points within its processes.
This included the ability not just to upload and edit custom policies, but also to automate their management—something that could have been extremely admin-heavy and time-consuming given the numerous ongoing tasks involved.
In addition, Vanta offered the capability to perform seamless security reviews and efficient onboarding and offboarding—which was of great importance to Flossie—as well as being able to support multiple devices for each user.
By covering off both the critical needs and nice-to-have features on Flossie’s list, Vanta’s trust management platform ensured that obtaining SOC 2 was a smooth and straightforward journey for the whole team.
“I can’t fathom getting prepared for SOC 2 without an automated compliance solution like Vanta steering us in the right direction. Having different third-party tools hosting our documentation, policies, cadences, risk register, and third-party partners’ policies would require an entire dedicated full-time team to manage.” - Cath Carlsen, Chief Operating Officer, Flossie
The impact
Frictionless processes, streamlined operations
Achieving SOC 2 Type 2 compliance has resulted in productive sales discussions, as there are fewer concerns around security.
No longer having to perform individual security assessments for every potential vendor—a process that previously took 6 months to complete—has saved significant time while increasing the likelihood that the companies in question will partner with Flossie.
“Vanta is now the singular platform for managing all our policies, risk register, third-party integration compliance, penetration tests, and more. Everything is contained in one place.” - Cath Carlsen, Chief Operating Officer, Flossie
The auditors from Vanta’s auditor network were particularly helpful when dealing with some of the more challenging SOC 2 controls. As Flossie’s Chief Security Officer, Steve Torrance, explains, “Timeframes for resolving requests for evidence were more generous than we had anticipated, making them easy to schedule alongside other tasks without major disruptions to regular development.”
Achieving SOC 2 Type 2 compliance has significantly boosted the morale of Flossie’s development and IT departments, while employees feel validated, knowing they are performing their roles properly and diligently. According to Cath, “Team leads shouldn’t underestimate this milestone; it deserves more recognition internally.”
Flossie will consider additional compliance frameworks in the near future. The company also hopes to use its experience of obtaining SOC 2 to educate other New Zealand technology companies looking to export into the US, offering insights from its own journey to empower other businesses wanting to follow a similar path.