How Versa gained SOC 2 compliance to facilitate future growth

The company

Improving savings and control for business travel programs

Versa is a spend intelligence platform that helps companies simplify travel and expense management by automatically capturing itemized receipts at the time of purchase. Instead of employees tracking down and uploading receipts later, Versa enables merchants to send detailed, compliant receipt data directly into a company’s expense system in real time. The result is less manual work, fewer errors, stronger compliance, and better visibility into company spending.

Because Versa handles its customers' financial data, security is a top priority. As soon as the company launched and won its first customer, it partnered with Vanta through its Y Combinator partnership in an effort to gain SOC 2 compliance.
‍

The challenge

Sensitive data requires tight security

Financial data is extremely sensitive, and companies are very selective about who and how they grant access. When Thomas Moore and Ted Power, co-founders at Versa, first started the company, they had an extremely high bar for security. “We needed to make people feel comfortable sharing their financial information,” said Ted.

The Versa team was also looking to the future. “We recognized that our first ten customers might not ask about our level of compliance, but that questions about security would come up as we grew,” said Thomas. “Because of this, we wanted to start out with the right tools so we would be set up for long-term success.”

The matter was pressing as well – Versa’s first customer went through an acquisition shortly after signing on. The larger parent company that acquired Versa’s customer required SOC 2 compliance to work together. Versa made a commitment to this customer, promising that they were in the process of seeking SOC 2 compliance, which helped to mitigate any security concerns.

‍

The solution

A trust management platform to future-proof the business

The Versa team was introduced to Vanta through the Y Combinator network and was immediately impressed by the possibilities. “We didn’t assess any other options because we loved the user experience and the way the product looked,” said Thomas. “It seemed like a solution that would offer us a gateway to minimum viable security.”

Upon taking a demo with Vanta, it seemed like it would help them gain SOC 2 compliance efficiently. The co-founders knew from their prior roles how long it would take if they decided to go the manual route — at one company, it took six months with one person working on it full-time, while at another company, it was slightly faster, but had four full-time employees working towards the goal.

{{quote-2}}

Furthermore, Thomas and Ted felt that the two companies were in alignment with their beliefs about providing transparency to customers through real-time reporting.

Thanks to their adoption of Vanta, Versa now has a SOC 2 report in hand to share with existing and prospective customers. The process was extremely efficient– the team started the process in Fall 2022, started their audit by the end of the year, and received their SOC 2 in early February 2023. All in all, it required no more than 40 hours of preparation for their audit.

‍

The impact

A bright future with opportunities for expansion

‍
This demonstration of trust helps Versa compete in deals that they otherwise would’ve lost or been disqualified from. Their SOC 2 and Trust Center are in their sales decks and website and are one of the first things they point to when asked about their security posture. When prospects ask any questions about security, they are able to proactively deliver information, helping gain confidence that financial data will be safe with Versa.

{{quote-3}}