Charityvest gets SOC 2 in 10 days with Vanta

The company

A modern, premier way to handle charitable giving 

Charityvest provides individuals, employees, and workplaces a modern platform that handles donor-advised funds—low-fee, tax-deductible giving accounts. The company’s primary endeavor is to offer an easy, tax-efficient, and intuitive way for people to donate to charities and causes they care about

“We help people engage in what we call purposeful giving,” says Co-founder Ashby Foltz. “Our platform helps people think about how to plan for giving, set aside money every year, including contributions of stock or cryptocurrency, to fund their personal giving account. Then, we engage them in ways that help them think more clearly about what they've set aside, in order to have meaningful impact.”

Founded in 2019, Ashby co-founded Charityvest after noticing there was nothing like it currently on the market. “There wasn’t a donor-advised fund platform that was taking advantage of all of the innovation available from modern Fintech,” Ashby says. Traditional solutions and pathways to giving are muddied with “high fees, captive products, and manual processes.” 

Looking forward, Charityvest plans to expand through community giving. “We want to provide a vehicle for groups that are pursuing a particular charitable aim and allow them to collaborate and multiply each other's giving,” Ashby says.

‍

The challenge

Winning hearts and new business through trust

“When it comes to someone's charitable giving and their financial life, the trust bar is extremely high,” Ashby says. For potential Charityvest donors, trust is among the highest factors, especially when it comes to large sums of money. Charityvest has to win the trust of users, but it also has to demonstrate security to prospects, such as financial advisors and charities. “The buying process with these entities feels similar to working with an enterprise, which creates a need for compliance,” Ashby says.

After a growth surge in 2020, Charityvest began to accrue interest from larger clients. Charityvest has already worked hard to cultivate trust with strong security policies, but prospects wanted more credibility. “More and more frequently, we kept getting the same question about SOC 2 compliance,” Ashby remembers. 

"We realized that a great arrow in our quiver is being able to say ‘yes we’ve gone through a SOC 2—and with Vanta—another reputable Y Combinator company’,” Ashby comments. “It’s a necessary credential if you’re going to be engaging with parties that have vendor management requirements.” 

‍

The solution

A reputable compliance partner committed to a tight schedule 

At first, Charityvest considered the traditional compliance path with “The Big Four” accounting firms. Between slow communications and a lack of interest from correspondents, Charityvest sought a modern solution. 

After consulting with peers and researching compliance solutions, Charityvest decided to pursue SOC 2 Type I with Vanta. “Vanta’s competitors did not seem as committed to our deadline,” Ashby comments. 

With a lean team focused on business growth and product development, Charityvest’s compliance solution needs to be as low-lift as possible. “We’re a series seed 12-person team, which meant we had to dedicate a quarter of our team to this project,” Ashby says. “We can’t afford to take our eye off the ball. The key difference was Vanta’s commitment to speed and their confident approach to getting things done.” 

In addition to Vanta’s ability to match Charityvest’s pace, Vanta’s automated platform was a deciding factor. “Knowing we could get it done on a defined timeline with a defined budget was the original attraction to Vanta,” Ashby says. “But, really what it came down to was Vanta’s software—it’s the secret sauce and it’s just so good at keeping the process moving along.” 

{{quote-2}}

The impact

SOC 2 Type 1 compliance in 10 days

After 10 days of audit preparation, system tests, and policy creation, Charityvest received a SOC 2 Type 1 report. Director of Operations Rebecca Jacobs remembers the expedited SOC 2 process as “intense but manageable.”

Between operations, engineering, and executive guidance, Vanta’s platform served as the nexus for assigning tasks and staying organized throughout the audit process. “All the support materials built directly into Vanta made the whole process very intuitive,” Rebecca says. In addition to internal organization, Vanta’s platform served as the focal point for their auditor. Documentation, policies, and security data are easily managed in one place. 

Integrations and customized templates also paved the way to SOC 2 in ten days. “Our software stack of AWS and GitHub lined up nicely against Vanta which made a lot of the steps really easy,” Ashby recalls. Working hand-in-hand throughout the process, Rebecca and Ashby leaned on Vanta’s templates to write unique policy controls. “Vanta’s policy templates give us a great foundation when it comes to customizing policies to our needs,” Rebecca says.

Charityvest had already established a strong cultural orientation toward security, but Vanta enabled the business to take certain protocols to the next level. “With the platform, we were able to improve configuration settings such as access management and permissions,” Ashby says. Charityvest’s onboarding and off-boarding protocols are now entirely handled in Vanta.

As Charityvest grows as a company, Vanta’s platform delivers a clear path to more compliance standards in less time, and at a lower cost. “It’ll be much easier to maintain SOC 2 practices because of the Vanta platform,” Ashby noted. “It won’t be hard to go from Type I to Type II when we’re ready.”