How Peak builds trust in new markets with Vanta

The company

Taking AI to new heights

There is nothing small about Peak’s mission; it wants to use AI to change the way the world works. The seeds for the company were sown back in 2015 during a discussion in a Manchester pub. Founders Richard Potter, David Leitch, and Atul Sharma talked about how they could democratise AI for every business, and after drawing an idea for an AI platform on a napkin, Peak was born. 

Today, Peak offers a cloud AI platform that allows companies to embed AI into the core of their inventory and pricing operations. With a library of pre-built AI applications, Peak’s customers can rapidly apply AI to deliver on their commercial objectives. 

Peak has a team of over 200 people worldwide and has raised $119m in investment funding to date. Peak is used by global industry leaders including Nike, Molson Coors, Marshalls and Eurocell.

‍

The challenge

Bigger clients, bigger asks

As Peak’s customer base grew,  its team was being asked to complete an increasing number of custom security questionnaires, which was time consuming and repetitive. As an initial step, the team worked to become ISO 27001 certified but as larger, predominantly US-based, customers joined Peak, SOC 2 emerged as the security framework of choice.. 

“As we are working with sensitive customer data, security is of paramount importance to our customers,” says Michael Pearce, Head of Information Security & Compliance at Peak. “Customers are drawn to the technically focussed SOC 2 Type 2, which involves continuous monitoring and testing and shows how effective a company’s controls are over time.”

Michael joined Peak in 2017 and says that the company has always recognised the need for robust security. However, in previous roles, he had seen how manual, ad-hoc approaches to compliance led to more work for everyone involved. Peak needed a hassle-free way of getting SOC 2 Type 2, so they began looking at trust management platforms that could automate and streamline the process. 

“Our larger customers kept mentioning SOC 2 Type 2, so we decided that we needed to get it. We wanted the process to be as painless as possible, so we went looking for the right trust management platform," says Michael.

‍

The solution 

Getting SOC 2 quickly and painlessly with Vanta 

Peak’s InfoSec and engineering teams examined the platform options that were available, with specific criteria in mind. 

“Our SOC 2 ‘must-have’ was to have as many automated checks as possible, and it had to work on the AWS infrastructure that hosts Peak,” explains Michael. 

Vanta and a competitor emerged as frontrunners, but Peak decided that Vanta’s features and collaborative approach best matched its needs. A big selling point was the depth and breadth of the integrations that Vanta supports. The platform has 300 integrations and counting, including AWS, Jira, Basecamp, Asana, and Google Workspace. Peak’s existing tech stack would be completely covered, meaning the team could begin the process of getting SOC 2 Type 2 straight away. 

“As well as the number and selection of integrations that Vanta offered, we liked the intuitive user interface. It does what it says on the tin! Vanta’s company values also matched ours," says Michael. "They put customers first, lead with resilience, presume good intent, and are action-oriented.”

Peak also appreciated how Vanta would seamlessly integrate with some of the core services and tools they use for access control. 

“A core tenet of SOC 2 is that you manage your users properly. For example, if somebody leaves your business, you have to make sure their access is revoked right away. We did a side-by-side comparison of our key apps to see if they were supported by the various platforms, and Vanta could work with them all.” 

Since starting with Vanta, Peak has gotten its SOC 2 Type 2 attestation, which has led to a streamlined sales cycle, particularly when it comes to US-based enterprise customers. 

“When we start talking to those prospects, one of the first things they ask is whether we have it. When we say we do, they don’t have to go through their normal checklist of questions; they know that we have it covered,” says Michael. 

{{quote-2}}

‍

The impact

Saving time, building trust, and staying accountable 

With SOC 2 Type 2, Peak can give its potential customers concrete proof that it takes the safety of their data seriously. Internally, Michael appreciates how Vanta’s continuous monitoring allows the company to be constantly on the ball when it comes to their security responsibilities.

“It was great to be able to get SOC 2 Type 2 so quickly and efficiently, but I think the hourly checks are my favourite thing about Vanta. If anything goes out of compliance, we get an email or a Slack alert, and we can fix it right away.”

{{quote-3}}

With Vanta Seamless Audit, Peak can select an independent, Vanta-vetted SOC 2 auditor. At audit time, Peak can simply give the auditor access to its Vanta instance, where the auditor can easily access the information and documentation they need. 

Vanta-vetted auditors are well versed in how to use the platform to review, request, and accept evidence. That knowledge means that organisations can reduce the time and effort they spend on audit prep – some customers report an 80% reduction in total audit completion time.

“Having an auditor who has partnered with Vanta has been super useful and it has definitely sped things up. They know where to go and how to get the information they need. They don’t have to ask us any questions about how Vanta works, which is already a quick win,” says Michael.  “This year, we budgeted five or so days for our SOC 2 audit session – it took less than an hour!"

‍
Partnering with Vanta has benefited Peak in a host of different ways. Michael says, “It's definitely streamlined customer security requirements because we don’t have to deal with as many security questionnaires and reviews. Internally, we’re able to consistently monitor our risk and threat detection, which is a win-win for Peak and its customers.”