How Bend gained SOC 2 compliance to facilitate future growth

The company

Helping companies be more climate-friendly

Founded in early 2022, Bend is intent on helping companies become friendlier to the climate and be recognized for their efforts. Bend provides customers with Climate Reports that shows a measurement of their emissions — that they then use to help them reduce or offset these emissions.

To fulfill this mission, Bend connects financial accounts for their customers and then estimates CO2 equivalent emissions based on the services they buy.

Because Bend handles financial data for their customers, security is a top priority. As soon as the company launched and won their first customer, they partnered with Vanta through their Y Combinator partnership in an effort to gain SOC 2 compliance.
‍

The challenge

Sensitive data requires tight security

Bend’s services rely on access to customer financial data, offering information about climate impact by taking stock of their spend. Business activities provide crucial information – for example, if a customer spends a certain amount on flights to conferences or pays for Amazon Web Services, that has a tangible carbon impact.

Financial data is extremely sensitive and companies are very selective about who and how they grant access. When Thomas Moore, CTO, and Ted Power, CEO, first started Bend, they had an extremely high bar for security. “We needed to make people feel comfortable sharing their financial information,” said Ted.

The Bend team was also looking to the future. “We recognized that our first ten customers might not ask about our level of compliance, but that questions about security would come up as we grew,” said Thomas. “Because of this, we wanted to start out with the right tools so we would be set up for long-term success.”

The matter was pressing as well – Bend’s first customer went through an acquisition shortly after signing on. The larger parent company that acquired Bend’s customer required SOC 2 compliance to work together. Bend made a commitment to this customer, promising that they were in the process of seeking SOC 2 compliance, which helped to mitigate any security concerns that may arise.

‍

The solution

A trust management platform to future proof the business

The Bend team was introduced to Vanta through the Y Combinator network and was immediately impressed by the possibilities. “We didn’t assess any other options because we loved the user experience and the way the product looked,” said Thomas. “It seemed like a solution that would offer us a gateway to minimum viable security.”

Upon taking a demo with Vanta, it seemed like it would help them gain SOC 2 compliance efficiently. The co-founders knew from their prior roles how long it would take if they decided to go the manual route — at one company, it took six months with one person working on it full-time, while at another company, it was slightly faster, but had four full-time employees working towards the goal.

{{quote-2}}

Furthermore, Thomas and Ted felt that the two companies were in alignment with their beliefs about providing transparency to customers through real-time reporting.

Thanks to their adoption of Vanta, Bend now has a SOC 2 report in hand to share with existing and prospective customers. The process was extremely efficient. The team started the process in Fall 2022, started their audit by the end of the year, and received their SOC 2 in early February 2023. All in all, it required no more than 40 hours of preparation for their audit.

‍

The impact

A bright future with opportunities for expansion

‍
This demonstration of trust helps Bend compete in deals that they otherwise would’ve lost or been disqualified for. Their SOC 2 and Trust Center are in their sales decks and website and are one of the first things they point to when asked about their security posture. When prospects ask any questions about security, they are able to proactively deliver information, helping gain confidence that financial data will be safe with Bend.

{{quote-3}}