Modern business insurance backed by the latest technology
Newfront, headquartered in San Francisco, is an insurance brokerage that connects businesses with different lines of coverage. Founded in 2017, the company works with customers of all sizes – from well-known clients like Nextdoor and Calm to new startups and small businesses.
Newfront isn’t just any brokerage – the company's mission is to empower people with technology. By using data-driven techniques and fostering transparency in the space, they’ve steadily grown to over 800 employees, serving 15,000+ customers.
Danny Macias, VP of IT & Enterprise Security at Newfront, works with team members from the Legal, Engineering, and People Ops teams to make sure that Newfront is as secure and compliant as possible. The team knew they needed to build further trust with enterprise clients who had robust compliance and security teams and that committing to SOC 2 Type II certification, as well as other frameworks, would ensure security for customers and be crucial to winning more deals.
Building trust with enterprise clients post-merger
In the past couple of years, Newfront has grown rapidly. As the company scaled and data security incidents hit other companies more frequently, clients began requesting more detail on security standards for the vendors they selected.
While Newfront was HIPAA compliant, they hadn’t completed SOC 2 or ISO 27001. Instead, they designed a security program that took inspiration from a number of frameworks. However, prospects and clients alike cared about compliance, and some companies required a SOC 2 report for any partners.
When prospective clients asked about certifications, the team would share information about their vendors’ security posture. “We would tell prospects and customers that we weren’t SOC 2 or ISO 27001 compliant yet, but that all our vendors were,” said Danny. “But that only got us so far – we needed to show our prospects and clients that we took security seriously and worked to get certified ourselves.”
A trust management platform that brings transparency
The team then investigated which compliance frameworks prospects and customers cared about most and decided that SOC 2 Type II should be the first priority, especially since a majority of their clients were based in the U.S. After Danny came on board, getting a SOC 2 Type II report became his focus.
Danny, who joined Newfront after Vanta had already been identified as the partner, was very familiar with the traditional compliance process and was initially skeptical about what Vanta could do. “When I joined, Vanta was described to me as ‘compliance in a box,’ which did not sound right to me,” said Danny. “But when I talked to the team at Vanta, I began to understand that this was a trust management platform and saw how beneficial it would be if we could use it on our journey.”
By integrating their infrastructure with Vanta to complete an audit, Danny and his team were able to save a massive amount of time. “Using Vanta was a game-changer for me,” said Danny. “It took half the time as it would’ve to do an audit manually.” Thanks to Vanta, Newfront was able to get a SOC 2 Type II report in 10 months. In Danny’s experience at other companies that completed the task manually, this took two years to accomplish.
The Newfront team sees value beyond SOC 2, as Vanta’s trust management platform offers much more than just help to become compliant. Newfront leverages Vanta to compare user groups and see if employees have completed security training. The sales team is also using Trust Center, which helps to accelerate sales by ushering prospects down the funnel.
Finally, Newfront has saved a significant amount of money thanks to using Vanta. “We estimate that Vanta has saved us well over six figures,” said Danny.
Winning enterprise clients with SOC 2 compliance
With a SOC 2 report and Trust Center to share, the team at Newfront is successfully supporting multiple teams within the business as well as customers. Now that they’ve completed their SOC 2 Type II, they are actively working towards ISO 27001, as well as other frameworks. The new level of compliance helps Newfront prove trust and demonstrate its attention to security to security-conscious enterprise clients that want to protect their data. Today, Newfront operates with confidence knowing that security and compliance will not block deals from reaching fruition.
“Our sales team is sharing the Trust Center with prospects and the feedback has been overwhelmingly positive. I can’t remember the last time I got sent a security report now that we have the Trust Center and a SOC 2 final report to share.”
VP of IT & Enterprise Security, Newfront
“Now that I’ve used Vanta, I’ll never go back to the manual audits. Vanta has been a huge win for the business and we are excited to see how it can help us in other areas.”
VP of IT & Enterprise Security, Newfront