CASE STUDY

Leapsome reduces time spent on security questionnaires by 50% with Vanta

COMPANY
Leapsome
EMPLOYEES
150
LOCATION
Berlin, Germany
SOLUTION
INDUSTRY
SaaS
VANTA CUSTOMER SINCE
2021
FAST TRACK TO ISO 27001

Leapsome is a company that strongly optimizes for efficiency. With Vanta, they were able to prepare for their ISO 27001 audit in just eight weeks.

50% REDUCTION IN SECURITY QUESTIONNAIRES

Now that Leapsome has ISO 27001 certification, their customers are 50% less likely to request a security questionnaire.

AUTOMATED EVIDENCE GATHERING

Leapsome’s security compliance evidence is automatically populated into their Vanta instance, so audits take less time.

“With ISO 27001, we’ve cut the number of security questionnaires we receive from customers roughly in half. Now, we can just show them we have this recognized standard. This significantly reduced the workload placed on the information security, legal, and engineering teams.”

Marc-Alexander Vetter
Head of Finance, Leapsome
The company 

The #1 rated HR platform for people and manager enablement

Leapsome was founded in 2016 by Jenny von Podewils and Kajetan von Armansperg with a bold goal: to make work more fulfilling for everyone. Having witnessed the growing pains of fast-paced companies, the Berlin-based duo realized that good feedback, alignment, and engagement processes were crucial for business success. They created a people enablement platform that helps employees grow, managers become better leaders, and CEOs build great organizations.

Today, over 1,500 companies use the Leapsome platform to drive employee productivity, engagement, and development. Leapsome acts as a catalyst for transformation, giving employees clarity on their goals and performance while ensuring they feel valued and empowered to do impactful work.

Leapsome’s customers include Mercedes-Benz and Unity. They have raised US$60 million in Series A funding and recently expanded to New York, opening a new office in 2022.

The challenge

Security questionnaires that kept on coming

Leapsome’s platform is focused on people enablement, which brings a particular set of data security challenges. 

“We deal with a lot of very personal and confidential data,” says Marc-Alexander Vetter, Head of Finance at Leapsome. “People’s reviews, their professional goals and performance, alongside decisions about promotions — this is all documented in Leapsome. We have always faced questions about the safety of that information. It was a recurring topic during the sales process, and existing customers also wanted it addressed.”

Initially, when security questions arose, Leapsome’s process was to inform prospects and clients that the infrastructure the software is built and operated on has a SOC 2 attestation and is ISO 27001 certified. However, this did not end the inflow of security questions and customized security questionnaires.

Dealing with these customer requests was time-consuming, particularly as Leapsome didn’t have one team or person solely responsible for data security. Marc-Alexander, Head of Strategic Projects at the time, realized that something had to change. 


The solution

A standard that would build customer confidence


Many of Leapsome’s clients initially came from Europe, where ISO 27001 is the prevalent security standard and certification the company was often asked for. Therefore, Marc-Alexander decided that this was the one that Leapsome needed. 

Until Leapsome raised €60M in Series A funding in 2022, the company was bootstrapped, so they wanted to ensure the process was as painless, efficient, and cost-effective as possible. 

“We started looking at compliance software solutions,” explains Marc-Alexander. “We wanted a certain degree of automation to help us collect information, store documents, and run certain tests automatically.”

A friend’s recommendation led the team to Vanta, but they also identified several other trust management platforms that might fit their needs. 

“We read the reviews, then we jumped on a few short calls. We really wanted to understand what the products could do and the pricing,” says Marc-Alexander. 

Ultimately, Leapsome decided that Vanta best matched all their requirements.

The impact

A fast track to ISO 27001

With Vanta, it took Leapsome just eight weeks to prepare for their first ISO 27001 audit. 

“We had pressure from customers, so we were already doing a lot of things that were required for the certification,” says Marc-Alexander.

“Vanta helped us tie it all together,” he adds. “Their policy templates saved us a tremendous amount of time — we didn’t have to spend days preparing and drawing them up from scratch.”

Vanta’s automation capabilities have also made compiling compliance evidence for recertification audits much easier. 

“We can stay in the Vanta platform and the evidence is there for us to go through. That’s really helpful. It ensures that we always finish our individual audit sessions quicker than the auditor expects.”

Being able to tell customers that Leapsome is ISO 27001 certified has significantly smoothed the sales process and reduced customer requests for them to fill out lengthy security questionnaires. Looking ahead, Marc-Alexander says they have plans to use Vanta’s Access Reviews and Risk Management solutions. They also intend to showcase their Trust Center on their website so potential and existing clients can view their security posture in real time.


“I think it’s fair to say that we probably lost a couple of deals here and there because we weren’t ISO 27001 certified ourselves.” 

Marc-Alexander Vetter
Head of Finance, Leapsome

“We’ve been using Vanta for over three years, and I’m impressed by how much it has evolved. More tests have been added, and the platform has improved — it has become more technically mature, which we are very happy about.” 

Marc-Alexander Vetter
Head of Finance, Leapsome