05 sept.
Customer Overview
Qminder is a queue management platform that helps businesses deliver better customer experiences. By replacing pen-and-paper sign-in sheets with a simple, digital solution, Qminder enables organizations across industries to serve their customers faster and more efficiently.
As Qminder handles visitor data for its customers, information security assurance has always been a key business driver. Qminder completed their first SOC 2 Type 2 audit in 2021.
Challenge
Before Kordon, Qminder was using Vanta to manage their information security and compliance efforts. While the platform offered automations and did get them through audits so far, Qminder’s CTO felt that there was room for improvement. The key issues were:
Generic support – Despite the high price point, support felt detached from Qminder’s real challenges. Instead of talking to information security professionals, they were routed through generic customer success channels.
Unnecessary busywork – Vanta’s automations often forced Qminder’s employees – key engineers in particular – to complete tasks that had little or no value to the business, wasting time and resources.
Lack of flexibility – The ISMS felt like it was designed to fit Vanta’s platform rather than Qminder’s actual needs.
Qminder wanted an approach that would reduce meaningless work, save money, and give them access to real expertise when making security decisions.
Solution
Switching to Kordon transformed how Qminder approached information security. The process unfolded step by step:
Exporting data from Vanta – We pulled all relevant information out of the old platform.
Separating the meaningful from the meaningless – Together with Qminder, we reviewed all ISMS elements and identified which practices added real value and which ones were just the results of automations for the sake of automation.
Condensing into essentials – We distilled everything into what Qminder truly needed for their ISMS and SOC 2 based on their audit report. This allowed us to rewrite policies and redesigning controls for greater efficiency while filtering out the noise and duplication in risks.
Importing into Kordon – Controls, risks, and vendors were brought into the platform, fully tailored to Qminder’s operations.
Defining tasks for SOC 2 – Clear, actionable tasks were created to ensure all requirements for the upcoming SOC 2 review period would be covered.
Along the way, we simplified policies, redesigned controls, and created an ISMS that is both easier to understand and maintain.
Results
For Qminder, the move to Kordon brought immediate benefits:
Saved time – Key engineers no longer waste hours on low-value tasks dictated by automations.
Saved money – Kordon delivers better results at a lower cost compared to Vanta.
Expert support – Instead of generic support channels, Qminder now works directly with information security professionals who understand both the product and their business.
With Kordon, Qminder has a lean, tailored ISMS that aligns with how they actually work — and a partner they can rely on as they move toward SOC 2 compliance.
“Kordon made security and compliance straightforward.
Instead of playing whack-a-mole with irrelevant reports, we’ve got efficient risk-based controls and customer support by people who have hands-on experience running information security programs.”
— Siim Raud, CTO, Qminder
Key Metrics
| Metric | Result |
| Migration time | 3 weeks |
| Number of security controls to maintain | 46 (down from 57) |
| Co-workers annoyed | At least 2 fewer than before |
Conclusion
Qminder’s journey from Vanta to Kordon shows the value of an ISMS that is tailored, practical, and supported by real expertise. By cutting out meaningless tasks, simplifying policies, and providing access to security professionals, Kordon helped Qminder save both time and money — while building confidence in their path to SOC 2 compliance.
Looking ahead, Qminder is well positioned to scale its security program as the company grows. With a streamlined ISMS and ongoing expert support, they can focus on serving their customers while knowing that compliance and security are being handled in a way that makes sense for their business.
Estonian 
English