CASE STUDY

How incident.io turns compliance transparency into market value

COMPANY
incident.io
EMPLOYEES
25-50
LOCATION
London and New York
SOLUTION
INDUSTRY
SaaS security
VANTA CUSTOMER SINCE
2021
Single source of security truth

Vanta Trust Center gives incident.io the ability to quickly share important compliance documents with prospects.

Frictionless annual audits

With data readily available in Vanta’s platform, incident.io puts evidence collection on autopilot in preparation for annual audits.

Custom integrations

Vanta’s Connectors API provides a creative space for incident.io to develop and publish their own integrations in real time.

“Vanta is proven to work. When it came to getting a SOC 2, it made my life incredibly easy and therefore I have a high degree of trust in the company.”

Chris Evans
Chief Product Officer
The company

Plug-n-play incident response for all

incident.io provides world-class incident management software, neatly housed in Slack. The platform offers automated assistance, customizable workflows, and analytics-based insights to mitigate risk. Altogether, incident.io delivers a robust yet accessible solution that softens even the toughest internal challenges. 

Before incident.io, the company’s three founders—Stephen Whitworth, Chris Evans, and Pete Hamilton—were the engineers responsible for handling incident software at U.K.-based online bank Monzo. In his off time at Monzo, incident.io CPO Chris Evans developed quality-of-life incident software as a way to remediate manual workflows for his team.

“When I started at Monzo there were 200,000 customers,” Chris says. “When I left there were six million, and the incident software I created was being used dozens of times a day.” After witnessing the efficacy of Chris’s homebrewed software, the soon-to-be incident.io founders realized there was nothing like it available on the market.


The challenge

Unlocking the US market with SOC 2

To ensure steady growth in the US market, being compliant with SOC 2 is virtually table stakes. Empowered by a considerable phase of hyper-growth, and with international expansion as a north star, incident.io was eager to find a trustworthy compliance partner who could offer a low-lift implementation with reliable automation.

Originally based in the UK, incident.io has had its eyes set on the US market since the beginning, and now that goal has come to fruition thanks to recent investments. In July 2022, incident.io raised $28.7 million in a Series A round led by Index Ventures. Combined with a previously unannounced $5.5 million seed round, incident.io accumulated $34.2 million. incident.io now has offices in New York with possible plans for a SoHo office in view.

Despite incident.io’s recent wins, compliance and security have also ranked high on their list of top priorities. Incidents that occur at most companies are usually tied to security in some manner. Read: you can’t create a successful risk-response software company without owning compliance and security right out of the gate. 

Because Chris was heavily involved during the audit process at Monzo, he had clear memories of the unnecessary strain that plagues the traditional compliance process. “I knew from day zero that I wanted to get compliance and security in place early,” Chris says. Now, Chris makes it a priority to avoid tedious audits and unnecessary manual processes for team members at incident.io.

The solution

Automated compliance as a lever for transparency

incident.io was born from a need to replace manual workflows with automation, and that’s exactly the kind of tool Chris Evans sought to handle compliance. Chris quickly decided to move forward with Vanta to pursue SOC 2 after finding positive feedback and customer reviews online. 

“The sole purpose for Vanta’s software solution was to remove toil and low-value work,” Chris says. “Someone shouldn’t have to go in and take screenshots to gather evidence. That can all be done with automation.” Chris knew that prioritizing compliance early in the company provided the added benefit of deeper security with fewer applications and processes to secure. 

“A platform like Vanta can easily plug into our system. Being a young company with little infrastructure, it felt like easy mode,” Chris says. After Vanta was fully integrated, it only took incident.io two to three weeks to write policies and prepare for its first SOC 2 audit. “We can be confident things are always working. The platform streamlines the audit process and our auditors can directly access up-to-date evidence themselves.”

Vanta Trust Center


As the manager of compliance at incident.io, Chris wanted to offer prospects a single source of truth, a “compliance packet” that demonstrated a commitment to security, despite being a young company. Vanta Trust Center provides an easily accessible hub that contains all of incident.io’s compliance and security documentation. In contrast to a static report or snapshot, Vanta Trust Center gives incident.io an opportunity to show prospects a living testament to their security standards.

Before Vanta Trust Center, incident.io was using a different product to house all their security documentation. When it comes to demonstrating security for prospects, Vanta Trust Center is “a better way to convey all of our security information,” Chris says.

The impact

Shorter sales cycles, low-stress audits, and new partnerships 

During the sales cycle, incident.io allows prospects to see their reports, penetration test results, and all other security documentation. Without sifting through endless documents and links, sales team members simply send a URL that directly links to the Vanta Trust Center portal. 

Once in Trust Center, prospects can easily find critical security information such as infrastructure security, product security, internal procedures, and more. By leaning into this kind of accessible transparency, incident.io experiences accelerated sales cycles, deeper insights through tracking, and a higher level of trust and rapport with potential customers.

Looking forward, Chris foresees little friction or workload when it comes to annual SOC 2 audits. In addition to Vanta’s continuous automation, Chris is able to leverage Vanta’s support team members and in-house experts.

“Our onboarding experience was excellent—really, really strong. Our CSM told us exactly what we needed to do and what we didn’t need to worry about at all. It can be daunting to go through this stuff. To have someone who can impart their experience gives you a lot of confidence.” 

Technology partnership with Vanta


During their SOC 2 audit with Vanta, incident.io discovered an opportunity to enhance the Vanta platform with incident response capabilities. After building a custom integration between incident.io and Vanta, the company officially became an API technology partner.

Technology partners can use Vanta’s Connectors API to build and publish their own integrations on Vanta’s integration network. Partner-built integrations look and operate like native connections, working seamlessly for Vanta users.

“We recognized from getting our SOC 2 with Vanta that there's massive potential in being added as a supported service,” Chris says. “Our integration with Vanta allows mutual customers to easily access the data they need to automate time-consuming compliance work.” 

With a solid market fit and proven feature set, incident.io is now probing new industries and scaling the product for larger customers. While incident.io is focused on fine-tuning its current offering, delivering a full suite of products is on the horizon. As a result, Chris and his team anticipate pursuing more standards with Vanta, particularly HIPAA in response to increasing demand from the healthcare industry. And depending on international interest, incident.io may also consider an ISO 27001 certification.

“Honestly, the biggest value that I get from Vanta is knowing that when I need to annually renew my SOC 2, I have almost no concern. The evidence is all there and it’s not an ongoing task—it’s just done.”

Chris Evans
Chief Product Officer