Automating compliance with Vanta

Vanta was able to help The MJ Companies align with NIST CSF and get their SOC 2 faster and with lower costs than using an outside firm.

Proactively demonstrate security and compliance

The MJ Companies can now point prospects and customers to their Trust Center, which provides the most up-to-date pertinent information about their security posture.

Streamlining security questionnaires

With Vanta, The MJ Companies can automatically generate answers to security questionnaires using information from their Trust Center, saving them countless hours.

“It seemed like Vanta was too good to be true, but once we saw what the tool could do, we knew that it would help us reach our goals.”

Braden Pitts
CISO & SVP, Enterprise Technology, The MJ Companies

The company

An insurance broker moving upmarket

Founded in 1964, The MJ Companies has long been in the business of delivering commercial and personal insurance, risk management, employee benefits, retirement, compensation, and total rewards consulting. The company now has a lofty goal – to become the 65th largest insurance broker in the US by its 65th birthday.

To achieve this goal, The MJ Companies needs to move upmarket and attract larger customers, which means maturing and scaling their security practice. Because the organization manages highly sensitive data about employee benefits and customer financials, prospective customers care deeply about the company’s commitment to security.

When Braden Pitts, CISO & SVP, Enterprise Technology, joined The MJ Companies, he knew that there was much to address when it came to governance, risk, and compliance (GRC). In order to best serve prospective and existing customers, Pitts and his team set out to align the organization with NIST, attain their SOC 2, and build a self-service Trust Center that would make it easy to share details about their security approach.

The challenge

Navigating higher expectations for proof of trust 

After the SolarWinds breach in 2020, the team at The MJ Companies noticed that prospects and customers were paying closer attention to how the company was managing vendor risk. “We saw more prospective clients asking questions during the RFP process, and we saw that larger clients had tighter corporate governance,” said Braden.

To compete in the space, the team sought to align their practices with the NIST Cybersecurity Framework, as that could help them manage different frameworks such as HIPAA and ISO 27001. They also recognized that they needed to get a SOC 2 report.

“During the sales cycle, we want our clients to trust us and know that we protect their data,” says Braden. “The easiest way to do that is to say, ‘here’s our SOC 2 and last audit.’”

Braden and his team sought external assistance and considered hiring big four CPA firms as well as a local CPA, and were deterred by the timeline as well as the costs. “Using a big four firm would’ve been a monumental financial investment — it was a six-digit number, and the process would’ve taken a year or two,” said Braden.

Then, the team found Vanta, which delivered both speed and value. “We wondered if Vanta was too good to be true,” said Braden. “We were able to get in, play around with the tool, and that gave us the confidence to stand in front of our leadership team and recommend Vanta.”

The solution

An integrated, easy-to-use trust management platform

As soon as Braden and his team began using Vanta, they saw that the platform was a good fit for their needs. The team liked that it integrated easily with their existing environment and took advantage of Vanta’s suggested templates and controls, appreciating that Vanta offered automated compliance that plugged into existing systems.

They also found that it was very user-friendly. “We have a lot of non-technical users who need to gain information about our stance on security,” said Braden. “Vanta’s user interface was easy for everyone to use.”

Vanta helped the team streamline security reviews, as well. Trust Center emerged quickly as a solution to their challenges, as they were receiving a lot of security questions from both prospective and existing customers. 

“Trust Center allows prospects to easily get the security information they need when making a purchasing decision, which increases confidence and shortens the sales cycle,” says Braden.

Trust Center also helped The MJ Companies automate responses to security questionnaires. “We are getting a lot of security and compliance questionnaires as prospective clients go through our RFP process and we’re also seeing existing clients implement vendor management solutions,” says Braden. By using information stored in their Trust Center, as well as answers from past questionnaires, The MJ Companies is able to streamline the process of completing questionnaires. Automating this tedious and repetitive manual work means they no longer need to start from a blank questionnaire each time, which saves their security team countless hours.

The impact

A foundation built on customer trust

Now that The MJ Companies is fully onboarded with Vanta, they’re able to provide prospects and clients with the security information they need, generating trust and making it easy to win deals as they move upmarket. They’re now able to point to their SOC 2 audit to prove their commitment to security. Not only that, but the organization is now aligned around security.

“Questionnaire Automation paired with Trust Center gives a self-service option so people can get what they need when they need it.”

Braden Pitts
CISO & SVP, Enterprise Technology, The MJ Companies

“Everyone at The MJ Companies is now aligned around security. We have a single point of focus and are well-positioned to reach our goals.”

Braden Pitts
CISO & SVP, Enterprise Technology, The MJ Companies