Granola achieves SOC 2 compliance in 3 months and unlocks B2B sales with Vanta

THE COMPANY

Building tools with AI to help people think better

Granola is an AI-powered notepad for meetings. Users jot down the things that matter to them (just like a regular notepad) and Granola transcribes in the background. When the meeting ends, Granola uses AI to flesh out the notes and make them great. Users can even chat with Granola about their meeting notes: ask it to recall things, to analyse themes across notes, or to take actions, like writing a follow up email. 

The company recently released Granola for Teams. With team folders for meeting notes, users can share context quickly, build collective intelligence over time, and ask questions across a collection of meeting notes.

As Granola’s user base grew exponentially, and the company built a category-defining platform, security and trust became foundational. 

‍

THE CHALLENGE

Selling to the enterprise without SOC 2 was a challenge

While security has been critical to Granola since day one, the team learned that certifications that demonstrate their commitment to compliance and security were necessary for continued growth. “When we started selling to larger companies, SOC 2 certification became a sticking point and something we knew we needed to address,” says Jonathan Kim, lead security engineer at Granola. With enterprise deals taking considerably longer without SOC 2 certification, the team needed a way to prove their security practices and earn trust quickly to match their rapid user growth.

But while SOC 2 certification was vital, it was a major undertaking for a small team with an ambitious roadmap. Jonathan notes that managing security questionnaires on an ad hoc basis was time-consuming and inefficient, often taking his focus away from building a better product. 

And because Clementine Markman, Founding Operations Lead at Granola, had first-hand experience implementing another framework—ISO 9001—manually, she knew they needed a dedicated solution. Without one, the work would be “tedious, bureaucratic, and unreliable,” creating bottlenecks that would continue to waste valuable time. 

To take Granola to the next level, the team sought a solution that had a great reputation and offered speed and automation to reduce manual effort. 

“We’ve always prioritized security, but SOC 2 gave us the rubber stamp we needed to prove it.” 

Jonathan Kim, Engineer, Granola

‍

THE SOLUTION

From manual work to rapid progress

As Granola began exploring solutions, Vanta’s reputation for speed, automation, and reliability made it the obvious choice. “When our CTO asked other startups, Vanta was the name that came up the most. There was great feedback from everyone,” says Clementine. For her, the decision to go with Vanta was a huge relief. “When I joined Granola, I heard Vanta was already implemented and I was super happy. I knew the process was going to be a lot easier.”

By adopting Vanta to streamline its entire compliance workflow, Granola can:

• Implement SOC 2 readiness and monitoring to meet enterprise requirements quickly. 
• Automate employee onboarding and offboarding tracking, ensuring continuous compliance with personnel controls. 
• Share trust documentation and provide a self-service portal for customers via their Trust Center. 
• Get real-time support with key app integrations, like Slack. 

Vanta’s extensive partner network also connected Granola with its audit partner, Workstreet. Workstreet was instrumental in helping Granola achieve SOC 2 compliance by guiding the team through the observation period. Clementine notes that the weekly calls with Workstreet, along with their deep knowledge of Vanta’s platform, helped make the process seamless, ensuring they stayed on track for certification. 

‍

THE IMPACT

Building trust and creating a strong security foundation

With Vanta, Granola achieved SOC 2 compliance quickly, becoming audit-ready in just over four months. “The SOC 2 journey with Vanta was straightforward,” says Jonathan. “We knew exactly what we needed to do and when.” SOC 2 accelerated Granola’s move upmarket, allowing them to re-engage with stalled enterprise deals and restart conversations with potential customers. 

Vanta has also saved the team a significant amount of time. “Before Vanta, I would have had to spend all my time on SOC 2,” Jonathan says. “I was spending two days a week on security questionnaires. Now it’s just an hour.” This alone has translated into a 90 percent time savings for engineering.

From Clementine’s perspective, Vanta has created operational efficiency, becoming an intuitive and reliable central hub for Granola's security and compliance efforts. She considers getting SOC 2 certified with Vanta and Workstreet a huge milestone, adding that it has allowed her to “spend less time on maintaining compliance and more time on scaling operations.” 

By leveraging Vanta and Workstreet, Granola not only achieved its compliance goals but also made security a scalable part of the business. The company is now ready for its next phase of growth after raising their $43M Series B funding and is confident it can continue to build a security-first culture without compromising innovation. 

Vanta has also been crucial in accelerating Granola’s adoption and enabling next steps for product expansion. As Jonathan notes, Vanta helps them “continue to make Granola useful for more people,” while empowering the team to move quickly without compromising on trust.  

“With Vanta, I got back to building product instead of managing bureaucracy.” 

Jonathan Kim, Engineer, Granola

‍