CUSTOMERS

How incident.io turns compliance transparency into market value

COMPANY

incident.io

LOCATION

INDUSTRY

PRODUCTS USED

EMPLOYEES

The Challenge

The Solution

Results

The Impact

PRODUCTS USED
SOC 2

Additional Case Studies

AI Insurance preps for SOC 2 in one week and accelerates expansion

Charityvest gets SOC 2 in 10 days with Vanta

Affinity reduces audit surprises with Vanta's automated evidence collection

Everything you need to get compliance audit ready, fast.

Vanta automates security compliance.
Please enter your first name
Please enter your last name
Please enter a valid email address
Please enter a job title
Please enter your company name
Please enter your company website
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
🎉
Introducing our Connectors API for integration builders
Learn more >
CASE STUDY

How incident.io turns compliance transparency into market value

COMPANY
incident.io
EMPLOYEES
25-50
LOCATION
London and New York
SOLUTION
SOC 2 Type I and Type II, Vanta Trust Reports
INDUSTRY
SaaS security
YEARS ON VANTA
1+
Single source of security truth

Vanta Trust Reports gives incident.io the ability to quickly share important compliance documents with prospects.

Frictionless annual audits

With data readily available in Vanta’s platform, incident.io puts evidence collection on autopilot in preparation for annual audits.

Custom integrations

Vanta’s Connectors API provides a creative space for incident.io to develop and publish their own integrations in real-time.

“Vanta is proven to work. When it came to getting a SOC 2, it made my life incredibly easy and therefore I have a high degree of trust in the company.”

Chris Evans
Chief Product Officer
The company

Plug-n-play incident response for all

incident.io provides world-class incident management software, neatly housed in Slack. The platform offers automated assistance, customizable workflows, and analytics-based insights to mitigate risk. Altogether, incident.io delivers a robust yet accessible solution that softens even the toughest internal challenges. 

Before incident.io, the company’s three founders—Stephen Whitworth, Chris Evans, and Pete Hamiton—were the engineers responsible for handling incident software at U.K.-based online bank Monzo. In his off time at Monzo, incident.io CPO Chris Evans developed quality-of-life incident software as a way to remediate manual workflows for his team.

“When I started at Monzo there were 200,000 customers,” Chris says. “When I left there were six million, and the incident software I created was being used dozens of times a day.” After witnessing the efficacy of Chris’s homebrewed software, the soon-to-be incident.io founders realized there was nothing like it available on the market.


The challenge

Unlocking the US market with SOC 2

To ensure steady growth in the US market, being compliant with SOC 2 is virtually table stakes. Empowered by a considerable phase of hyper-growth, and with international expansion as a north star, incident.io was eager to find a trustworthy compliance partner who could offer a low-lift implementation with reliable automation.

Originally based in the UK., incident.io has had its eyes set on the US market since the beginning, and now that goal has come to fruition thanks to recent investments. In July 2022, incident.io raised $28.7 million in a Series A round led by Index Ventures. Combined with a previously unannounced $5.5 million seed round, incident.io accumulated $34.2 million. incident.io now has offices in New York with possible plans for a SoHo office in view. 

Despite incident.io’s recent wins, compliance and security have also ranked high on their list of top priorities. Incidents that occur at most companies are usually tied to security in some manner. Read: you can’t create a successful risk-response software company without owning compliance and security right out of the gate. 

Because Chris was heavily involved during the audit process at Monzo, he had clear memories of unnecessary strain that plagues the traditional compliance process. “I knew from day zero that I wanted to get compliance and security in place early,” Chris says. Now, Chris makes it a priority to avoid tedious audits and unnecessary manual processes for team members at incident.io. 

The solution

Automated compliance as a lever for transparency

incident.io was born from a need to replace manual workflows with automation, and that’s exactly the kind of tool Chris Evans sought to handle compliance. Chris quickly decided to move forward with Vanta to pursue SOC 2 after finding positive feedback and customer reviews online. 

“The sole purpose for Vanta’s software solution was to remove toil and low-value work,” Chris says. “Someone shouldn’t have to go in and take screenshots to gather evidence. That can all be done with automation.” Chris knew that prioritizing compliance early in the company provided the added benefit of deeper security with fewer applications and processes to secure. 

“A platform like Vanta can easily plug into our system. Being a young company with little infrastructure, it felt like easy mode,” Chris says. After Vanta was fully integrated, it only took incident.io two to three weeks to write policies and prepare for its first SOC 2 audit. “We can be confident things are always working. The platform streamlines the audit process and our auditors can directly access up-to-date evidence themselves.”

Vanta Trust Reports


As the manager of compliance at incident.io, Chris wanted to offer prospects a single source of truth, a “compliance packet” that demonstrated a commitment to security, despite being a young company. Vanta Trust Reports provides an easily accessible hub that contains all of incident.io’s compliance and security documentation. In contrast to a static report or snapshot, Vanta Trust Reports gives incident.io an opportunity to show prospects a living testament of their security standards. 

Before Vanta Trust Reports, incident.io was using a different product to house all their security documentation. When it comes to demonstrating security for prospects, Vanta Trust Reports is “a better way to convey all of our security information,” Chris says.

The impact

Shorter sales cycles, low-stress audits, and new partnerships 

During the sales cycle, incident.io allows prospects to see their reports, penetration test results, and all other security documentation. Without sifting through endless documents and links, sales team members simply send a URL that directly links to the Vanta Trust Reports portal. 

Once in Trust Reports, prospects can easily find critical security information such as infrastructure security, product security, internal procedures, and more. By leaning into this kind of accessible transparency, incident.io experiences accelerated sales cycles, deeper insights through tracking, and a higher level of trust and rapport with potential customers.

Looking forward, Chris foresees little friction or workload when it comes to annual SOC 2 audits. In addition to Vanta’s continuous automation, Chris is able to leverage Vanta’s support team members and in-house experts.

“Our onboarding experience was excellent—really, really strong. Our CSM told us exactly what we needed to do and what we didn’t need to worry about at all. It can be daunting to go through this stuff. To have someone who can impart their experience gives you a lot of confidence.” 

Technology partnership with Vanta


During their SOC 2 audit with Vanta, incident.io discovered an opportunity to enhance the Vanta platform with incident response capabilities. After building a custom integration between incident.io and Vanta, the company officially became an API technology partner.

Technology partners can use Vanta’s Connectors API to build and publish their own integrations on Vanta’s integration network. Partner-built integrations look and operate like native connections, working seamlessly for Vanta users.

“We recognized from getting our SOC 2 with Vanta that there's massive potential in being added as a supported service,” Chris says. “Our integration with Vanta allows mutual customers to easily access the data they need to automate time-consuming compliance work.” 

With a solid market fit and proven feature set, incident.io is now probing new industries and scaling the product for larger customers. While incident.io is focused on fine-tuning its current offering, delivering a full suite of products is on the horizon. As a result, Chris and his team anticipate pursuing more standards with Vanta, particularly HIPAA in response to increasing demand from the healthcare industry. And depending on international interest, Incident.io may also consider an ISO 27001 certification.

“Honestly, the biggest value that I get from Vanta is knowing that when I need to annually renew my SOC 2, I have almost no concern. The evidence is all there and it’s not an ongoing task—it’s just done.”

Chris Evans
Chief Product Officer

Chris Evans
Chief Product Officer

Subscribe to our newsletter

Want to stay up-to-date on all things security and compliance? Subscribe to Vanta's newsletter for the latest on compliance standards, data security, and Vanta insights.

Everything you need to get compliance audit ready, fast.