How Newfront uses Vanta to build trust with enterprises

San Francisco, CA

SOC 2, ISO 27001, HIPAA, PCI-DSS, NIST CSF, Trust Center

Building trust with enterprise customers

By coupling a robust Trust Center with their SOC 2 Type II report, Newfront builds confidence with high-value enterprise organizations — paving the way for them to partner with even more clients.

Quick implementation of SOC 2

Vanta’s automation and depth of integrations made the process of getting a SOC 2 report fast, cutting the time to complete Newfront’s audit by 50%.

Substantial cost savings

By using Vanta to complete their SOC 2 Type II attestation, Newfront saved an estimated $100,000 per year.

“Vanta was a game-changer. Not only did it cut our audit time in half, but it saved well over six figures in costs and ultimately helped us build more trust with the enterprise prospects we want as clients.”

Danny Macias
VP of IT & Enterprise Security, Newfront

The company

Modern business insurance backed by the latest technology

Newfront, headquartered in San Francisco, is an insurance brokerage that connects businesses with different lines of coverage. Founded in 2017, the company works with customers of all sizes – from well-known clients like Nextdoor and Calm to new startups and small businesses.

Newfront isn’t just any brokerage – the company's mission is to empower people with technology. By using data-driven techniques and fostering transparency in the space, they’ve steadily grown to over 800 employees, serving 15,000+ customers. 

Danny Macias, VP of IT & Enterprise Security at Newfront, works with team members from the Legal, Engineering, and People Ops teams to make sure that Newfront is as secure and compliant as possible. The team knew they needed to build further trust with enterprise clients who had robust compliance and security teams and that committing to attaining a SOC 2 Type II, as well as other frameworks, would ensure security for customers and be crucial to winning more deals.

The challenge

Building trust with enterprise clients post-merger

In the past couple of years, Newfront has grown rapidly. As the company scaled and data security incidents hit other companies more frequently, clients began requesting more detail on security standards for the vendors they selected.

While Newfront was HIPAA compliant, they hadn’t completed SOC 2 or ISO 27001. Instead, they designed a security program that took inspiration from a number of frameworks. However, prospects and clients alike cared about compliance, and some companies required a SOC 2 report for any partners. 

When prospective clients asked about security frameworks, the team would share information about their vendors’ security posture. “We would tell prospects and customers that we weren’t SOC 2 or ISO 27001 compliant yet, but that all our vendors were,” said Danny. “But that only got us so far – we needed to show our prospects and clients that we took security seriously and worked to get certified ourselves.”

The solution

A trust management platform that brings transparency

The team then investigated which compliance frameworks prospects and customers cared about most and decided that SOC 2 Type II should be the first priority, especially since a majority of their clients were based in the U.S. After Danny came on board, getting a SOC 2 Type II report became his focus. 

Danny, who joined Newfront after Vanta had already been identified as the partner, was very familiar with the traditional compliance process and was initially skeptical about what Vanta could do. “When I joined, Vanta was described to me as ‘compliance in a box,’ which did not sound right to me,” said Danny. “But when I talked to the team at Vanta, I began to understand that this was a trust management platform and saw how beneficial it would be if we could use it on our journey.”

By integrating their infrastructure with Vanta to complete an audit, Danny and his team were able to save a massive amount of time. “Using Vanta was a game-changer for me,” said Danny. “It took half the time as it would’ve to do an audit manually.” Thanks to Vanta, Newfront was able to get a SOC 2 Type II report in 10 months. In Danny’s experience at other companies that completed the task manually, this took two years to accomplish.

The Newfront team sees value beyond SOC 2, as Vanta’s trust management platform offers much more than just help to become compliant. Newfront leverages Vanta to compare user groups and see if employees have completed security training. The sales team is also using Trust Center, which helps to accelerate sales by ushering prospects down the funnel. 


Finally, Newfront has saved a significant amount of money thanks to using Vanta. “We estimate that Vanta has saved us well over six figures,” said Danny.

The impact

Winning enterprise clients with SOC 2 compliance

With a SOC 2 report and Trust Center to share, the team at Newfront is successfully supporting multiple teams within the business as well as customers. Now that they’ve completed their SOC 2 Type II, they are actively working towards ISO 27001, as well as other frameworks. The new level of compliance helps Newfront build trust and demonstrate its attention to security to security-conscious enterprises that want to protect their data. Today, Newfront operates with confidence knowing that security and compliance will not block deals from reaching fruition.


“Our sales team is sharing the Trust Center with prospects and the feedback has been overwhelmingly positive. I can’t remember the last time I got sent a security report now that we have the Trust Center and a SOC 2 final report to share.” 

Danny Macias
VP of IT & Enterprise Security, Newfront

“Now that I’ve used Vanta, I’ll never go back to the manual audits. Vanta has been a huge win for the business and we are excited to see how it can help us in other areas.”

Danny Macias
VP of IT & Enterprise Security, Newfront