CASE STUDY
How Sitoo uses Vanta to achieve compliance in over 20 countries
Sitoo’s retailers are global and every country has different cash register laws. Using Custom Frameworks, Sitoo can easily build frameworks that allow them to become compliant in over 20 countries.
Sitoo is able to share their Trust Center with prospective clients to prove their compliance and demonstrate trust proactively and instantly.
After 7 months, Sitoo gained ISO 27001 compliance and became audit ready for SOC 2 compliance in two additional months — compared to taking a full year with 3-4 consultants.
“Creating custom frameworks has been a great value add for us while working with multiple countries with various cash register laws. Vanta Custom Frameworks has helped us organize the compliance content in a sophisticated way, visualize compliance progress accurately and collaborate with different teams during the compliance process in a systematic way.”
The company
A unified commerce platform for global retailers
Sitoo is a cloud-native Point of Sale (POS) and Unified Commerce Platform that helps global fashion and lifestyle retailers create positive shopping experiences every time and everywhere. Driven by the belief that shopping should be simple and seamless, Sitoo enables retailers to unify all physical stores and online sales channels in real-time.
Sitoo serves leading retailers like Levi’s, Skechers, Hummel and Georg Jensen across the globe, each of which must adhere to different local laws. Because of the confidential customer data it processes, Sitoo realized it needed to assure customers that their data is secure and that Sitoo is compliant with the various frameworks and requirements in each country.
The Stockholm-based company initially began selling locally in Sweden, where Sitoo’s familiarity with local cash register laws meant little resistance throughout the sales process. However, as they expanded their customer base beyond Sweden to the rest of Europe, Asia, and North America, Sitoo had to meet each country’s standards, which was no small task.
The challenge
Compliance needed to win customers with a need for custom frameworks
As Sitoo grew and approached prospects in different countries, security became an important consideration, coming up often in the RFP process. Furthermore, customers would also ask that Sitoo fill out long and arduous security questionnaires. Thus, Sitoo knew that compliance frameworks would be pivotal for them to meet their growth goals and proactively address any questionnaires that would come their way. “It was getting harder in sales conversations to convert customers as we didn’t have a structured way to show proof of security,” said Magnus.
As a result, they realized the importance of complying with ISO 27001. Magnus stated, “It became evident that we needed to comply with ISO 27001. We made a promise to our customers that we would become compliant within the next 7 months.”
An additional challenge that Sitoo encountered was selling to retailers with stores across the globe, who each have unique federal laws they needed Sitoo to follow before doing business with them. “Our business needs to comply with different regulations in various countries, requiring customized frameworks for each location,” said Magnus. Without ISO 27001 compliance and adherence to these custom frameworks, Sitoo knew that it would be difficult to break into these countries.
The solution
ISO 27001 compliance in seven months — and a seamless way to build international frameworks
The Sitoo team knew there were better paths than managing compliance manually. “We were well familiar with the manual route — we knew the cost and effort required — so we did not consider it,” said Magnus. Thankfully, Magnus already knew of Vanta from his time at a previous company and was sure it would be helpful for Sitoo. Even so, he looked at a few competitors to be sure it was the best choice.
As Magnus and his team assessed options, Vanta was a clear winner, offering wide-ranging integrations, support, and automation without the need for a consultant. Magnus was assured that Vanta had the experience and tenure necessary to complete their audit within their preferred timeframe.
Sitoo signed with Vanta, became ISO 27001 compliant in seven months, and found working with Vanta to be a smooth process. Magnus especially found that Vanta’s included policy templates provided them with a good baseline to customize and define their security program.
“Vanta provides a template for how you should look at these standards,” says Magnus.
Not only that, but Vanta was able to address international challenges through Vanta Custom Frameworks. With Custom Frameworks, Sitoo has been able to build over 20 custom frameworks to manage and maintain their compliance requirements for each of their global markets efficiently. Furthermore, overlapping controls could be reused, helping Sitoo save additional time when it comes to creating new frameworks. “Creating custom frameworks has been a great value-add for us while working with multiple countries with various cash register laws. Vanta Custom Frameworks has helped us in organizing the compliance content,” says Magnus.
Sitoo is also taking advantage of Trust Center, which makes it easy to provide real-time evidence of compliance to prospective customers.
The impact
Compliant and being able to prove it
Sitoo has now paired their ISO 27001 compliance with their SOC 2 attestation, positioning themselves well to win new customers and expand internationally. “It's almost impossible to achieve global scalability without a tool such as Vanta,” said Magnus. With SOC 2 compliance in place, Sitoo is now focused on expanding into the US market in 2024.
Sitoo has saved a massive amount of time and costs, as well. In Magnus’ previous role, it took four full-time consultants one year to be compliant. But with Vanta, it took 5-7 months without the need to make additional hires. Magnus estimates that this saved the cost of hiring two full-time consultants to complete the task.
Thanks to their partnership with Vanta, Sitoo is not only compliant but also able to prove it to prospective retailers who are considering their product.
“Trust Center has been a door opener for us. Everything now fits together from a sales lifecycle perspective, making it easier to win deals.”
“Instead of hiring two full-time consultants and spending a year on the process, we achieved compliance in just seven months, saving time and costs.”