CASE STUDY
Flow Networks gets SOC 2 and PCI DSS compliant with Vanta

Integration with Flow Networks tooling
Customers have access to Vanta reports
Automated monitoring of controls and alerts
Vanta's platform provides automatic monitoring of controls and this allows us to effectively manage any issues discovered. Because of this, we accelerated our timelines, saved hundreds of hours, and thousands of dollars in costs.
Klas Hesselman
The Company
Helping banks support customers
Flow Networks provides a secure platform for Issuers and Merchants to connect with their customers in real-time, at the moment of payment, and links digital receipts back to the originating funding source so they can be easily accessed and viewed. Flow Networks helps banks and financial institutions to grow their cardholder usage and solve portfolio challenges accross the customer lifecycle.
The Challenge
Building security from the start
As Flow Networks is a fintech startup, they wanted to leverage a proven framework to help ensure that security and privacy was built into their architecture and organizational process from day one.
The Solution
Focus on PCI DSS and SOC 2
Their initial target market is heavily US based, so the team at Flow targeted SOC 2 and PCI DSS compliance. After much searching and vendor comparison, they selected Vanta as the best platform provider based on:
- An easy to use and highly automated platform (including the automated monitoring of controls and alerts)
- Integration with Flow Networks tooling (AWS, MS Office etc.) meant less work for their SRE team
- Access to a large auditing network, familiar with their platform, allowed for competitive pricing and realistic compliance timeframes
- Comprehensive policy templates
- The ability to easily share customized Vanta reports with customers
The Impact
Fast and painless audits
The Vanta team helped Flow Networks create the foundation for their security and data policies and provides real time notification when controls fall out of compliance. Compared to previous audits, the process to become audit ready was much quicker and far less painful with Vanta.
"When you lead the payments industry through a transformational change, trust is a foundational pillar, there are no shortcuts. PCI DSS compliance was therefore a high priority for us. Vanta's expert team helped analyse our compliance requirements and shared what was needed to complete an SAQ-D," says co-founder Klas Hesselman.
Klas Hesselman
Klas Hesselman
Subscribe to our newsletter
Want to stay up-to-date on all things security and compliance? Subscribe to Vanta's newsletter for the latest on compliance standards, data security, and Vanta insights.
