{"id":18785,"date":"2025-03-24T08:28:31","date_gmt":"2025-03-24T06:28:31","guid":{"rendered":"https:\/\/kordon.app\/?p=18785"},"modified":"2025-03-24T12:07:50","modified_gmt":"2025-03-24T10:07:50","slug":"case-study-esgrid-soc2","status":"publish","type":"post","link":"https:\/\/kordon.app\/et\/case-study-esgrid-soc2\/","title":{"rendered":"Case Study: Kordon Takes Esgrid to SOC 2 Success in 6 Months"},"content":{"rendered":"<h3><b>Customer Overview<\/b><\/h3>\n<p><a href=\"https:\/\/esgrid.com\/\"><b><span style=\"text-decoration: underline;\">Esgrid<\/span><\/b><\/a><span style=\"font-weight: 400;\">\u00a0is a Value Chain Risk and Relationship Management Platform designed to automate and streamline risk assessments and relationship management for businesses. The platform allows organizations to gather and analyze data from their suppliers, customers, and other value chain participants.<\/span><\/p>\n<h3><b>Challenge<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">As Esgrid prepared to scale, it became clear that a robust <\/span><b>Information Security Management System (ISMS)<\/b><span style=\"font-weight: 400;\"> was essential to safeguard customer data and meet industry expectations. To demonstrate its commitment to security, Esgrid aimed to achieve <\/span><b>SOC 2 readiness<\/b><span style=\"font-weight: 400;\">\u2014a widely recognized standard for information security\u2014<\/span><b>in just 3 months<\/b><span style=\"font-weight: 400;\"> and head straight for a <\/span><b>Type 2 audit in 6 months<\/b><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">However, the company faced several challenges:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Time Constraints:<\/b><span style=\"font-weight: 400;\"> Implementing an ISMS and preparing for an audit is a complex process that often takes over a year. 
Esgrid needed a structured approach to <\/span><b>compress the timeline<\/b><span style=\"font-weight: 400;\"> while maintaining compliance integrity.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Lack of Experience: <\/b><span style=\"font-weight: 400;\">The company had no-one with prior experience building an ISMS based on a recognised framework.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Limited Resources:<\/b><span style=\"font-weight: 400;\"> With a lean team, Esgrid needed a solution that would reduce the workload on internal staff while ensuring high-quality security practices.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Audit Readiness:<\/b><span style=\"font-weight: 400;\"> Beyond implementation, Esgrid had to ensure it could provide auditors with the necessary <\/span><b>evidence and documentation<\/b><span style=\"font-weight: 400;\"> to pass the SOC 2 audit without major issues.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">To meet these challenges, Esgrid turned to Kordon.<\/span><\/p>\n<h3><b>Solution<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Kordon provided a structured, <\/span><b>hands-on approach<\/b><span style=\"font-weight: 400;\"> to ISMS implementation, helping Esgrid <\/span><b>go from zero to audit-ready in just six months<\/b><span style=\"font-weight: 400;\">. The process included:<\/span><\/p>\n<h4><b>1. Fast-Track Implementation with Preloaded Controls<\/b><\/h4>\n<p><span style=\"font-weight: 400;\">Kordon populated Esgrid\u2019s account with a <\/span><b>set of proven security controls<\/b><span style=\"font-weight: 400;\">\u2014including policies, processes, and technical safeguards\u2014that had successfully passed <\/span><b>SOC 2 audits<\/b><span style=\"font-weight: 400;\"> before. 
These controls provided a solid foundation, reducing the time needed to <\/span><b>develop security measures from scratch<\/b><span style=\"font-weight: 400;\">.<\/span><\/p>\n<h4><b>2. Weekly Expert Guidance and Slack Support<\/b><\/h4>\n<p><span style=\"font-weight: 400;\">To tailor the controls to Esgrid\u2019s unique needs, <\/span><b>Kordon co-founder Martin<\/b><span style=\"font-weight: 400;\"> held six <\/span><b>weekly strategy calls<\/b><span style=\"font-weight: 400;\"> with Esgrid\u2019s <\/span><b>CTO<\/b><span style=\"font-weight: 400;\">. These sessions helped fine-tune security policies, define clear responsibilities, and align implementation efforts with Esgrid\u2019s business operations.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">To ensure <\/span><b>quick resolution of day-to-day issues<\/b><span style=\"font-weight: 400;\">, Kordon also set up a <\/span><b>shared Slack channel<\/b><span style=\"font-weight: 400;\">, allowing Esgrid\u2019s team to get real-time support.<\/span><\/p>\n<h4><b>3. Hands-On Implementation of Security Controls<\/b><\/h4>\n<p><span style=\"font-weight: 400;\">Esgrid\u2019s <\/span><b>CTO, Jevgeni<\/b><span style=\"font-weight: 400;\">, led the implementation of security controls, including:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Deploying <\/span><b>technical security measures<\/b><span style=\"font-weight: 400;\"> (e.g. 
logging and monitoring, access controls, encryption).<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Using <\/span><b>Kordon\u2019s platform<\/b><span style=\"font-weight: 400;\"> to document compliance efforts and assign responsibilities.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Engaging <\/span><b>internal stakeholders<\/b><span style=\"font-weight: 400;\"> to ensure adherence to security policies and processes.<\/span><\/li>\n<\/ul>\n<h4><b>4. Preparing for the Audit<\/b><\/h4>\n<p><span style=\"font-weight: 400;\">As the audit approached, Kordon provided hands-on assistance in:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Getting auditor quotes<\/b><span style=\"font-weight: 400;\"> and selecting the right firm.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Reviewing compliance documentation<\/b><span style=\"font-weight: 400;\"> to ensure completeness.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Simulating audit scenarios<\/b><span style=\"font-weight: 400;\"> to identify potential gaps before the formal assessment.<\/span><\/li>\n<\/ul>\n<h4><b>5. 
On-Demand Support During the Audit<\/b><\/h4>\n<p><span style=\"font-weight: 400;\">During the <\/span><b>SOC 2 audit<\/b><span style=\"font-weight: 400;\">, Kordon remained actively involved, helping Esgrid:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Respond to auditor requests efficiently.<\/b><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Determine appropriate evidence<\/b><span style=\"font-weight: 400;\"> for different audit criteria.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Resolve last-minute compliance questions<\/b><span style=\"font-weight: 400;\"> to avoid delays.<\/span><\/li>\n<\/ul>\n<h3><b>Results<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">With Kordon\u2019s structured approach and hands-on support, Esgrid successfully <\/span><b>completed the SOC 2 Type 2 audit in six months<\/b><span style=\"font-weight: 400;\">\u2014<\/span><b>50% faster<\/b><span style=\"font-weight: 400;\"> than the industry average. The streamlined process ensured Esgrid\u2019s security framework was <\/span><b>both robust and practical<\/b><span style=\"font-weight: 400;\">, allowing the team to maintain focus on business growth while embedding compliance into everyday operations.<\/span><\/p>\n<h4><b>Key Controls That Made the Biggest Impact<\/b><\/h4>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Efficient, Pre-Written Policies and Processes:<\/b><span style=\"font-weight: 400;\"> Instead of drafting security policies from scratch, Esgrid was able to adopt <\/span><span style=\"text-decoration: underline;\"><a href=\"https:\/\/kordon.app\/et\/policy-templates\/\"><b>Kordon\u2019s battle-tested policy templates<\/b><\/a><\/span><span style=\"font-weight: 400;\">, which were tailored to fit the company\u2019s needs. 
This significantly accelerated the documentation process and ensured alignment with SOC 2 requirements.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Vendor Risk Management:<\/b><span style=\"font-weight: 400;\"> Esgrid\u2019s reliance on third-party cloud services meant vendor security had to be tightly controlled. Kordon provided structured workflows to <\/span><b>track and assess vendor security posture<\/b><span style=\"font-weight: 400;\">, strengthening Esgrid\u2019s overall risk management.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Security Awareness Training:<\/b><span style=\"font-weight: 400;\"> Using Kordon\u2019s platform, Esgrid was able to <\/span><b>automate security training for employees<\/b><span style=\"font-weight: 400;\">, ensuring company-wide compliance with policies and reducing human risk factors.<\/span><\/li>\n<\/ol>\n<blockquote>\n<p><i><span style=\"font-weight: 400;\">&#8220;We knew SOC 2 compliance would be a leap, but Kordon made the process very manageable. The structured approach, expert guidance, and real-time support saved us months of effort. <\/span><\/i><\/p>\n<p><i><span style=\"font-weight: 400;\">We got a clear roadmap and a set of controls that actually made sense for our business. 
Six months later, we were audit-ready with confidence.&#8221;<\/span><\/i><i><span style=\"font-weight: 400;\"><br \/><\/span><\/i><span style=\"font-weight: 400;\"> \u2014 <\/span><b>Jevgeni Bogat\u00f5rjov, CTO, Esgrid<\/b><\/p>\n<\/blockquote>\n<h3><b>Key Metrics<\/b><\/h3>\n<table>\n<tbody>\n<tr>\n<td><b>Key Metric<\/b><\/td>\n<td><b>Result<\/b><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">Time to audit readiness<\/span><\/td>\n<td><b>6 months<\/b><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">Policies put in place<\/span><\/td>\n<td><b>20<\/b><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">Number of security controls implemented<\/span><\/td>\n<td><b>27<\/b><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">Co-workers annoyed<\/span><\/td>\n<td><b>Only a few and only very little<\/b><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3><b>Conclusion<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Esgrid\u2019s journey demonstrates that achieving <\/span><b>SOC 2 compliance in record time<\/b><span style=\"font-weight: 400;\"> is possible with the right strategy, tools, and expert support. Kordon\u2019s combination of <\/span><b>preloaded security controls, hands-on guidance, and compliance automation<\/b><span style=\"font-weight: 400;\"> helped Esgrid <\/span><b>implement an ISMS, streamline the audit process, and pass with confidence<\/b><span style=\"font-weight: 400;\">\u2014all in just six months.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">With a solid ISMS foundation in place, Esgrid is now well-positioned to <\/span><b>continuously manage and develop its security program<\/b><span style=\"font-weight: 400;\"> as the company scales. 
Even <\/span><b>without hiring a security manager<\/b><span style=\"font-weight: 400;\"> for the time being, using Kordon, the team can efficiently track compliance, update policies as needed, and adapt to evolving security and regulatory requirements.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">For growing companies looking to <\/span><b>establish an ISMS quickly<\/b><span style=\"font-weight: 400;\">, Kordon provides a <\/span><b>proven path to security and compliance success<\/b><span style=\"font-weight: 400;\">.<\/span><\/p>\n\n\n<p>&nbsp;<\/p>","protected":false},"excerpt":{"rendered":"<p>Customer Overview Esgrid\u00a0is a Value Chain Risk and Relationship Management Platform designed to automate and streamline risk assessments and relationship management for businesses. The platform allows organizations to gather and analyze data from their suppliers, customers, and other value chain participants. Challenge As Esgrid prepared to scale, it became clear that a robust Information 
Security&#8230;<\/p>","protected":false},"author":2,"featured_media":18798,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[128,26],"tags":[],"class_list":["post-18785","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-soc-2","category-blog"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/posts\/18785","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/comments?post=18785"}],"version-history":[{"count":15,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/posts\/18785\/revisions"}],"predecessor-version":[{"id":18809,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/posts\/18785\/revisions\/18809"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/media\/18798"}],"wp:attachment":[{"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/media?parent=18785"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/categories?post=18785"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/tags?post=18785"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}