Empowering legal professionals through no-code automation
Josef is a no-code platform that empowers lawyers and legal professionals to automate legal tasks, including lawyer-client interactions, sending emails, generating legal documents, and providing legal guidance and advice. Founded in 2017 by Tom Dreyfus, Sam Flynn, and Kirill Kliavin, the company has seen extraordinary growth and interest from both private law firms and large in-house corporate legal teams globally.
As the company continues to navigate through hypergrowth, much of their focus for 2023 has revolved around building trust and expanding their reach amongst new and existing customers, as well as continuing to identify new and creative use cases to enable more people to access legal services. To fuel their ambitious growth goals while remaining secure, Josef put together a team consisting of Prue Burns, Head of Legal & Data Security, and Sam Flynn, Chief Operating Officer, to ensure that their culture of security remains true. “Everyone undergoes security training and understands that we all have an important role to play to keep Josef and our customers’ data safe,” says Prue.
The team at Josef has always taken data security seriously, as their founders built a strong framework for data security at the outset and have continued to build controls around that framework as Josef has grown.
Moving at a hypergrowth pace, securely
With their growth came prospects asking for a demonstrable way for Josef to prove their security posture — often by answering extensive information security questionnaires. This prevented the Josef team from moving at the pace they wanted to, because questionnaires often took time and focus away from both their Sales and Legal teams. Furthermore, the diversity of its expanding prospect base resulted in a wide variety of information security questionnaires that needed to be filled out during the sales process. These questionnaires were different for each prospect, slowing down the sales process. To mitigate this, Josef decided to prepare for and seek compliance certification as a means to efficiently and proactively communicate to customers and prospects that their data security controls are robust.
“Having industry-recognized certification enables us to build trust and make the deal that little bit easier to close,” says Prue. Thus, they quickly identified that SOC 2 and ISO 27001 were the most highly respected and globally recognized industry standards within their target market, and decided to pursue them.
Josef initially considered a number of manual methods for attaining a SOC 2 report and ISO 27001 certification but found them lacking structure and guidance. They initially explored hiring external consultants but ultimately preferred the idea of balancing automation with expert support. “For me leading the project, having a very clear set of goals to achieve compliance that were broken down into logical steps was the key,” says Prue. Josef was referred to Vanta by their network, and for Prue and Sam, the decision was clear.
Finding clear and actionable compliance insights
Vanta provided Josef with a well-structured and step-by-step approach to achieving compliance. The Vanta dashboard enabled Prue to continually monitor the progress against their target frameworks, and motivated and enabled them to ensure that they maintained compliance and met their SLAs.
“For someone with a legal and risk management background, I felt completely supported when it came to understanding the technical requirements of SOC 2, and could work seamlessly with each of Josef’s functions to ensure the standards are met,” says Prue. Vanta provided the Josef team with clear action items in their weekly meetings with completed actions and a clear view of next steps. “When we found Vanta and understood how Vanta combines an efficient and easy-to-use platform with an approachable and dedicated team of experts, we were able to make the decision to proceed very quickly.”
Within four months of purchasing Vanta, Josef became SOC 2 Type I compliant, and in another four months, they became SOC 2 Type II compliant. They especially credit their success to Vanta’s support team and their dedicated Customer Success Managers — two important resources that guided Prue throughout the entire audit process. Furthermore, Josef chose to conduct their audits with one of Vanta’s audit partners, Johanson, which helped them streamline their audit even further. “Johanson, an independent auditor, was highly professional, and easy to work with,” says Prue. “Their communications were clear and comprehensive, which meant preparing our responses to audit questions was straightforward.”
Reducing security inquiries with SOC 2
Being SOC 2 compliant has had a positive impact on Josef's business objectives and new deal closures. As Prue put it, “SOC 2 has provided us with an excellent proof point to demonstrate the sophistication of our platform and helps us build instant credibility with prospects and customers… when buyers evaluate technology vendors, data security is high on their agenda. Having industry-recognized certification enables us to build trust and make the deal that little bit easier to close.” They’ve found that the number and scope of security questionnaires that they receive have been reduced due to their SOC 2.
Josef is currently in the process of getting ISO 27001 and is working towards achieving certification by the end of 2023. SOC 2 and the future standards Josef is pursuing have helped them prove security and demonstrate trust — ensuring that they can fulfill their mission of acquiring new customers in the United States, Europe, and beyond.