CASE STUDY
How ShipBob scales GRC and builds customer trust with Vanta
ISO 27001, SOC 2, SOX ITGC, Trust Center, Policy Management, Risk Management, Access Reviews, Vendor Risk Management
By managing compliance frameworks in Vanta, ShipBob built its compliance program in 6 months and completed SOC 2 and ISO 27001 audits in just 2.5 weeks.
With Vanta’s Trust Center, ShipBob shares compliance achievements and streamlines security communications and requests while supporting sales enablement efforts.
ShipBob easily scales its GRC program by identifying the areas it needs to focus on in Vanta without adding additional resources or headcount.
THE COMPANY
From startup to global fulfillment powerhouse
Founded in 2014, ShipBob’s mission is to empower small- and medium-sized ecommerce businesses with best-in-class fulfillment services and supply chain management. The company’s ability to help customers find success and stay competitive allowed ShipBob to transform from a Y-Combinator startup into a leading global fulfillment platform that has shipped well over 100M orders since inception.
One of the first steps in this transformation journey was elevating ShipBob’s approach to security and governance, risk, and compliance (GRC). As Director of Technology GRC at ShipBob, this responsibility fell to Heidi Pilli. Leading a lean team, Heidi creates and implements ShipBob’s strategies for effective governance, which includes managing compliance processes and controls to mitigate risk. To support the company’s growth, Heidi and her team needed a solution that would allow them to maintain compliance without requiring more time or maintenance.
THE CHALLENGE
Navigating the complexities of compliance
Heidi and her team knew they needed to make a change when their manual processes started to hold ShipBob back from reaching compliance milestones. The time and attention the team needed to track and monitor controls and gather evidence for certifications wasn’t scalable as ShipBob expanded its operations and client base.
The team began looking for a simplified way to automate processes and get compliant as quickly as possible. “We were looking to become ISO 27001 certified and SOC 2 certified,” Heidi says. Without these certifications, ShipBob risked the trust and security of its current customers and its relationships with prospective customers.
THE SOLUTION
Finding a one-stop shop for GRC and customer trust
To reach its compliance goals, ShipBob needed a solution that could be implemented quickly and easily. Automated control monitoring and evidence gathering across multiple frameworks, risk assessment, audit facilitation, and a modern interface were features the team looked for in every solution they vetted. After evaluating several options, ShipBob chose Vanta.
“From previous experience with other GRC platforms we didn't want a package that was a heavy lift to implement nor did we want a proprietary tool owned by an auditor,” says Heidi. “We evaluated three other market alternatives, and Vanta was superior in our comparison of our requirements.”
Heidi notes that Vanta was the easiest way to implement their controls and be audit-ready without adding to the team’s workload. By implementing Vanta as its central GRC platform, ShipBob could leverage its capabilities to streamline its compliance efforts, manage risk, and build trust with customers.
"Vanta is our one-stop shop for all things compliance and GRC," says Heidi. "We use Vanta to conduct our risk assessments, continuously monitor our controls and processes, user access reviews, as well as conduct our audits with our external auditors."
THE IMPACT
Scaling GRC, enhancing efficiency, and building trust
With the help of Vanta, ShipBob built its IT compliance program over six months and achieved SOC 2 and ISO 27001 compliance in just two and a half weeks. Vanta’s partnerships with leading security and compliance companies, including auditors, were incredibly beneficial to the process as well.
“With A-LIGN and Vanta, we conducted two audits simultaneously in two and a half weeks. A-LIGN had their SOC 2 auditors and ISO 27001 auditors on the calls and in Vanta at the same time. They piggybacked on areas where the controls overlapped, and for the delta, they conducted separate discussions,” says Heidi. “Providing direct access to Vanta also ensured an efficient audit process by reducing unnecessary emails and delays in evidence review, sample selections, and follow-ups from the auditors.”
Automating processes through Vanta has saved ShipBob significant time and resources, resulting in the launch of a Trust Center through Vanta. With the Trust Center, ShipBob can easily build trust by showcasing its security posture and compliance achievements to clients and prospective customers.
Additionally, Vanta helps ShipBob efficiently manage its GRC program as the business grows. Heidi and her team can pinpoint focus areas within Vanta as new regulations or customer requirements pop up without much disruption to control owners. This gives the team more time to scale the program and work efficiently, instead of constantly playing catch-up. Heidi notes they have consistently been able to implement new features from Vanta as they scale without much lift. Currently, they have one and a half people dedicated to it, with Vendor Risk Management implementation next on their list.
For Heidi, the support from Vanta is key to further scaling ShipBob’s GRC program and building trust with future and prospective customers. “Through our collaboration with Vanta, we learn about the latest advancements in the GRC space, and that allows us to really accelerate the advancement of our GRC program,” says Heidi.
With Vanta as a collaborative partner, ShipBob is confident it can continue to evolve to meet the needs of its customers and remain competitive in the global supply chain and fulfillment industry.
"Being a lean team, we wanted a simple platform that was not going to take a lot of time to maintain with a modern interface and easy to use."
"The entire team at Vanta has been so helpful, from the support team to the product development teams who are eager to learn more about how we operate. We see the results of our collaborative sessions in subsequent releases."