As a leading provider of end-to-end technology for real estate brokers and agents, Lone Wolf understands how crucial the protection and security of information is to a business and its customers. Their users manage people’s most sensitive information while dealing with the biggest transactions of their lives.
That’s why when Lone Wolf was looking to gain SOC 2 certification, they made the move from managing controls with spreadsheets to Resolver’s Information Security Management Solution.
In the last few years, it has become more common that customers require technology companies to be SOC 2 certified. This was exactly the case for Lone Wolf.
“The process began when one of our customers requested SOC 2 certification as part of their contract. With recent highly publicized security breaches impacting other software service providers, our customers have increased their diligence to ensure their service providers are following security best practices when protecting their customer's data. We decided it was time to undertake this process as a best practice baseline for protecting our customer's data while creating a competitive advantage for Lone Wolf products and solutions,” says David Armato, Security Compliance Manager, Lone Wolf Technologies.
Their challenge - undertaking this process using spreadsheets. “We were using spreadsheets to track the progress of control owner evidence collection, but as our business grew, the spreadsheets became more complex. Using spreadsheets to collect the evidence required, review controls, assign owners, etc. was not only difficult to manage but was likely to be error-prone. We knew that in order for us to complete the SOC 2 certification in an efficient and timely manner, we needed to make a change.”
Anyone who has been through a SOC 2 audit knows how much time and information goes into completion.
With Resolver, David and his team are able to manage their entire SOC 2 process in one solution. “When you look at how the audit process for SOC 2 follows the COSO principles, you realize how many controls that you need to define and manage. I couldn’t imagine doing this without a tool like Resolver. We’ve been able to easily extract controls and go back and forth with our auditors and then push the controls and any needed updates out to the organization. This is not only a huge time-saver but makes it so easy for us to implement and manage controls.”
Lone Wolf has been able to simplify the audit process for stakeholders across the organization.
“A real game-changer is how we’ve been able to effectively organize the audit in areas that are specific to each of the respective control owners. Each control owner has their own view allowing them to focus on items specific to their area. It allows them to get their work done quickly and accurately. It eliminates confusion and makes the process much more streamlined. Resolver sends request notifications to control owners and will follow up with reminders when necessary. At the start of the audit process, auditors are granted access to Resolver where they can review each control with attachments containing supporting evidence submitted by the control owner. The security team, control owners and auditors are also able to communicate within Resolver sharing comments or requests for additional information at the control level. Previous audits are archived and can be reviewed when necessary.”
Since using Resolver’s IT Risk & Compliance applications, hosted on the AWS platform, they saw a gap in their Vendor Risk Management process and implemented Resolver to ensure that their entire audit process was in one place. “Our goal is to make the audit process as seamless as possible for both ourselves and external auditors, by keeping all of our information in one place that is easily accessible.”
David and his team are confident using Resolver for their SOC 2 audit process. “Moving forward, certifications will be much easier. When starting a new audit cycle, controls will be carried over from the previous assessment allowing control owners the ability to upload fresh evidence for the new audit cycle. All of the information will already be there, and we’ll only have to validate and review. This means that we can gain our certification with confidence and provide assurance to our customers.”
Resolver’s Information Security Management solution automates IT risk and compliance processes to reduce cost, resources and effort required to effectively manage cybersecurity programs, provide risk oversight to executives and the board and achieve IT certifications such as SOC 2, ISO 27001 and others.
Fill out the form below to request a demo or learn more about Resolver products