Slope’s primary need is a comprehensive compliance solution that provides automated monitoring capable of integrating into the business’s tech stack.
In order to gain traction as a new player in a slow-moving sector, Slope needs a clear, consistent tool that offers a way to efficiently demonstrate compliance and security frameworks.
As a relatively young startup, Slope chooses to achieve and maintain compliance standards alongside a partner that can offer guidance and technical support.
“Compliance is a huge differentiator for us because we can say we’re the only vendor who is cloud-native, and compliant with SOC 2 and ISO 27001. That’s a big deal.”
The company
Cloud-based tech built for risk modeling
Slope Software is the only 100% cloud-based platform designed for actuary professionals. Slope simplifies and streamlines risk modeling workflows across a wide range of use cases, including risk calculations, product pricing, asset-liability management, and capital projections.
Many companies in the insurance sector have yet to embrace cloud technology at large, giving Slope’s modern solution a unique opportunity. Legacy technology, desktop software, and manual operations are still the norm among Slope’s incumbents.
Founded in 2016, Slope is a startup with less than 20 employees leaving little room for resource-intensive tasks such as compliance. Co-founder and CTO Taylor Perkins handles many large projects at Slope. “As a co-founder, you wear a lot of hats,” Taylor says. “You're thinking about the direction of the company as a whole.” Taylor manages fundraising, networking, engineering, and product development—in addition to managing compliance.
The challenge
Ramping up in a slow-moving industry
After winning business from key companies in the industry, Slope found success as a modern player in an otherwise “traditional” industry. Being one of the only companies in the insurance sector to embrace the cloud offers risks and rewards. “One of our main challenges is going to market against incumbent players,” Taylor says. “The newest company that directly competes with us was founded in the 90s.”
Slope’s legacy, “on-prem” competitors have no use for modern standards like SOC 2, which gives them a short-term advantage during the sales cycle. However, Slope’s cloud-native product provides far more security and convenience for its customers. After gaining a foothold in the industry, Slope quickly began to satisfy prospects. With more business came a growing need for compliance.
“As we started to go upmarket to enterprise, that’s when we noticed things like security questionnaires,” Taylor says. “The back-and-forth of security questionnaires delayed our sales cycle by months. Insurance companies are already slow to move. The more things we can do to smooth that process out, the better.”
{{quote-2}}
The solution
A comprehensive compliance tool chest
To scale the business and shorten sales cycles with domestic prospects, Slope needed to comply with SOC 2 Type II. Additionally, Taylor wanted to obtain an ISO 27001 certification in preparation for international opportunities.
As a startup co-founder who’s passionate about SaaS tools and functionality, Taylor knew there had to be better compliance options compared to the high cost of traditional auditors. “The old way is absurdly more expensive, and of course, there’s no tool to help you along the way.”
Tasked with an overabundance of projects and duties, Taylor knew that Slope needed a full suite of compliance resources that offered modern capabilities, strong customer support, and long-term reliability. “One of the things that really attracted me to Vanta was the continuous monitoring,” Taylor says. “I knew that compliance was an ongoing process.”
Vanta seamlessly integrates into Slope’s tech stack giving the company deeper automated functionality without straining Taylor’s teams. “Since we’re cloud-native, there’s no reason our compliance tool shouldn’t be able to tap into everything. Vanta integrates into our full stack.”
But Slope’s compliance needs didn’t end with SOC 2 reporting and ISO 27001 certification. “I would consider myself a power-user—we basically use every Vanta feature and tool available.” Templates, in-app support, and vulnerability testing all work together to help Slope maintain compliance while scaling the business. Slope is also using Vanta’s Trust Reports as a single source of truth to quickly communicate its security posture to prospects.
The impact
Roadmapping the future without restraint
Taylor estimates that Slope has cut its sales cycle by 30% simply by achieving compliance with SOC 2 and ISO 27001. Before Vanta, Slope would have to spend large amounts of time filling out security questionnaires when non-cloud competitors didn’t have to. Now, Vanta’s Trust Reports replace hours of manual documentation with a digital portal containing its security resources.
What was once a stumbling block is now a competitive advantage. “Because our competitors aren’t cloud-based, none of them are SOC 2 compliant,” Taylor says. “Now compliance is a huge differentiator for us because we can say we’re the only vendor who is cloud-native, and compliant with SOC 2 and ISO 27001. That’s a big deal.”
Alongside Vanta’s in-house experts and intuitive platform, Slope cruised through evidence-collection processes and audits. As a startup, Slope’s journey into compliance requires a structured, guided approach. “I had never gone through an audit before—I felt like I needed some guidance.” Vanta’s customer support, in addition to resources such as checklists, enable Slope to reach and maintain compliance with ease.
Slope is finding expansion opportunities in different industries that align with its product. Looking forward, Slope is ramping up to become HIPAA, CCPA, and GDPR compliant. Vanta’s platform clearly indicates overlapping controls from other standards that are already in effect.
{{quote-3}}
The future
Expanding beyond compliance: Enhancing security with Access Reviews and Trust Reports
Given their reliance on third-party vendors for crucial functions like project management, HRIS, payroll, and cloud infrastructure, regular employee access reviews are critical to Slope’s compliance posture. However, manual processes relying on spreadsheets to track vendors and corresponding employee access controls created challenges and inefficiencies.
As Slope’s SOC 2 and ISO 27001 compliance requirements became more rigorous, auditors insisted on a more comprehensive approach, resulting in an explosion of spreadsheets to incorporate individual user details and access permissions for each system. To assess access, time-consuming meetings were scheduled with relevant team members, which often required additional effort to update the spreadsheets accurately.
That’s when Slope decided to purchase Vanta’s Access Reviews solution, which transformed the process by providing automatic integrations with existing systems and significantly streamlining the access review workflow.
"Before Access Reviews, our workflows relied on time-consuming spreadsheet management and lengthy meetings,” said Taylor. “Vanta's seamless integration with our systems and its ability to automate the process has transformed our workflow. We now conduct reviews asynchronously, delegate tasks efficiently, and benefit from a single source of truth for our access controls."
Vanta’s Access Reviews solution has resulted in substantial time savings for Taylor and his team. "We estimate that the process now takes around 15 to 20 minutes with Access Reviews, compared to the four to five hours we previously invested,” says Taylor. “Additionally, Vanta has helped us identify and address access issues such as unused service accounts, reducing our surface area of potential threats."
Looking ahead, Slope Software foresees even more value in their usage of Vanta's Access Reviews solution. As Vanta continues to add integrations, Slope Software expects to benefit from further time savings by automating access reviews for all their vendors. With the potential to streamline the process as their team expands, Slope Software values Vanta’s scalability and delegation capabilities. The ability to efficiently manage access reviews within Vanta and maintain a single source of truth will become increasingly valuable as their organization grows.
But Slope’s compliance needs didn’t end with SOC 2 reporting, ISO 27001 certification, and Access Reviews. “I would consider myself a power-user—we basically use every Vanta feature and tool available.” Templates, in-app support, and vulnerability testing all work together to help Slope maintain compliance while scaling the business. Slope is also using Vanta’s Trust Reports as a single source of truth to quickly communicate their security posture to prospects.
