CASE STUDY
ÉTUDE DE CAS
How Rakkar Digital protects client assets and demonstrates trust
Rakkar Digital uses Vanta’s powerful compliance automation tools to shorten the SOC 2 timeline from one year to six months.
Rakkar Digital successfully finished their audit in record time, with the usual four to six-week process taking just two weeks.
Rakkar Digital demonstrates trust and strong security measures to their customers and prospects in real-time by using continuous monitoring with Vanta Trust Center.
“Vanta aligns with our security strategy. We need to make sure our security and compliance practices are visible, build trust and transparency with clients, and show them we are open and honest. Trust Center helps us demonstrate that."
The Company
Best-in-class digital asset custody solutions for enterprises and institutions
As a crypto custody service, Rakkar Digital knows just how important trust is to their users. The company was founded in Singapore in 2022 and launched shortly after — providing institutional and mobile-centric solutions and custodian services for digital assets. They offer a secure place for their clients to store cryptocurrency, stablecoins, and tokenized assets. Rakkar Digital's customers range from crypto-native companies, crypto exchanges, and family offices, as well as private equity and venture capital firms. With an aim to become one of the top custodians in the Asia-Pacific region, Rakkar Digital is primarily focused on the Hong Kong and South East Asian markets. Backed by Thailand’s SCB10x and powered by Fireblocks, Rakkar Digital has established a strong footprint in the market in their early stages.
Early on, Rakkar Digital recognized the importance of security and compliance in their sector. Thus, they decided to bring on a Chief Information Security Officer (CISO) early in their history. Thomas Kung, CISO at Rakkar Digital, says that after the crypto meltdown of 2022, winning customer trust is more important than ever. “Being a custodian, security and compliance are foundational elements of our solutions. Especially when you consider the nature of the crypto market, trust and transparency are crucial to gain the confidence of our clients.”
The Challenge
Curbing fears and demonstrating a commitment to security and compliance
Following the crypto crash of 2022, digital asset holders were taking extra precautions to protect their investments. With limited public knowledge of the security benefits of custodian services, many users opted for self-custody which is generally less secure. “People are scared and frightened, which leads them to pull their funds away from major exchanges to avoid risk,” says Thomas.
Rakkar Digital needed to build trust amid skepticism in the market and prove to clients that their assets would be well-protected under their custody solution. When Thomas came on board as the company’s CISO, he identified SOC 2 as a must-have to earn client trust. As he put it, “Being SOC 2 compliant will help clients realize that custodians will mitigate the risk involved with their daily operations.”
In order to be considered by clients, the company needed their SOC 2 as quickly as possible. Thomas has gone through both ISO 27001 and SOC 2 audits at prior companies and knew the process well — a process that generally takes a year to complete a single attestation given the significant effort that goes into evidence collection. He knew that this time around, Rakkar Digital needed to accelerate that timeline to earn the trust and business of the clients they were already speaking to. Thomas then turned to compliance automation tools to speed up the SOC 2 process and meet business demand.
The Solution
Proving security while saving time and money
With his sights set on starting SOC 2 and knowing that the business needed an automation platform to get it quickly, Thomas started to identify potential solutions.
Rakkar Digital needed a solution that could easily integrate with its cloud-native environment and offered seamless security and compliance monitoring capabilities within the cloud. With plans to get SOC 2 Type I immediately and expand to SOC 2 Type I and ISO 27001 later on, any solution the team brought on would need to support multiple frameworks. Additionally, Thomas wanted a provider with robust support services to help his team navigate complex compliance issues. But the most pressing issue of all was the need for automation to speed up the compliance process and save company costs.
Thomas discovered Vanta through one of Rakkar Digital’s other vendors who was already using Vanta to prove their security. He saw how easy it was for this vendor to demonstrate their security and compliance posture, provide evidence and documentation, and how quickly this vendor was able to complete Rakkar Digital’s review process. All these factors made it easy for them to choose Vanta. “We didn’t even consider other vendors,” Thomas shares. “Seeing the product gave me the feeling that Vanta was the best in the space.”
{{quote-2}}
The Impact
A shortened SOC 2 journey and earned trust
Once Rakkar Digital partnered with Vanta, Thomas worked with Vanta’s implementation team to accelerate his team’s use of the platform. Their Customer Success Manager provided invaluable guidance while onboarding and setting up their instance, helping them align their compliance journey to other business priorities and work seamlessly with their different vendors. Because Vanta has more than 200 out-of-the-box integrations, Rakkar Digital was able to quickly connect all their systems and start using the platform right away.
With the team enabled and their Vanta instance set up, Rakkar Digital started the SOC 2 process with an expedited timeline that delivered impressive results. Thomas shared that this process usually took an entire year to complete at his prior companies, but with Vanta, that timeline was cut down to just six months. One of the biggest factors that contributed to this acceleration was Vanta's inventory of automated security practices, such as running tests and automated evidence gathering. Additionally, Vanta helped build a centralized repository for all of Rakkar Digital’s documentation and evidence.
Once their evidence was in and controls were in place, Rakkar Digital started the audit process. Thomas said he expected the audit to take between four to six weeks, but because Rakkar Digital partnered with one of Vanta’s partner auditors through Vanta Seamless Audi, the SOC 2 audit process only took two weeks. Now their SOC 2 is helping them gain a competitive advantage over their competitors.
{{quote-3}}
But Rakkar Digital’s journey with Vanta doesn’t stop with SOC 2 — the company is also using Vanta to continuously monitor its security using Trust Center to increase transparency. Their Trust Center is publicly available on the company’s website and their sales and customer success teams have been trained to use it to demonstrate trust during customer conversations. Thomas says these reports have helped streamline the vendor assessment process as well, and he’s enabled customers to self-serve important security information for their own vendor audits.
As Rakkar Digital continues to grow and evolve, they are exploring other uses for Vanta in their business and are already working towards ISO 27001 certification.
