
How Laika helped Pave get SOC 2 Type 1 compliant in 6 weeks

With the recent boom in fintech startups, more and more emerging markets now have access to financial services. However, getting a complete picture of a consumer’s finances requires significant engineering time and resources. Pave makes it easy for fintech developers to access a complete view of their end customers’ cash flow and financial profile. 

It’s no surprise that Pave began their SOC 2 journey right from the start. Based on the types of data Pave holds, a SOC 2 could provide their ecosystem with trust and confidence. In 6 weeks, they were able to get their SOC 2 Type 1 report. We spoke with Jack Tannenbaum, Head of Business Operations, about how seamless their experience was with Laika. 

Why SOC 2?

A SOC 2 report was crucial for Pave. As they began building their solution, they knew they needed security and compliance to shape their organization. There’s a critical amount of trust their customers have to have in them. From analyzing risk and building budget functionality to providing goal recommendations, they needed fintech businesses to feel confident that their solution could solve their problems with no risk. 

They recognized that with any company, security and compliance are the foundation. A SOC 2 report could chart a way forward for a more secure API — one that is optimized not just for greater accessibility, but for security and trust as well. 

When starting the search for a partner, Pave knew they needed a solution that could provide thoughtful security insight. Check-the-box solutions wouldn’t fit the bill. They realized that every business is nuanced, and compliance programs should be customized and built to scale with them. Pave turned to Laika to build a compliance program from scratch. 

“As a team, this was our first SOC 2 experience. When we were looking for a solution, we wanted a partner that would be able to have thoughtful dialogue with us. Most of the platforms we looked at didn’t have expertise built in. We saw a lot of value in having someone to sound off against.”

5-week Implementation Period 

Pave’s implementation process began with onboarding and the gap analysis. Laika automatically integrated with pre-built applications and connected to all of Pave’s users, devices, and vendors. Then, Laika’s compliance architect team performed a gap analysis and instantly created customized policies and guided workflows to fill in any missing pieces. 

Pave’s compliance architect, Shawn Studholme, provided the team with insights along the way. He helped Pave approach compliance as a core capability for their company — understanding how to shape an organization to become security-minded. 

“We would have these cross-collaborative calls with our engineering team, Shawn, and Laika’s CISO. Those conversations were incredibly valuable to us because we would talk about how to construct a program that was impactful, and not become a hindrance as we grow. Especially for a small company, that service was unmatched.”

Customized SOC 2 Controls and Workflows

The Laika platform made it easy for Pave to understand the value behind each control. Instead of recommending controls that were too costly or unrelated, Laika’s stage-appropriate controls helped Pave:

  1. Understand the purpose behind each control and what it’s meant to mitigate
  2. Identify a compensating control that fulfills the purpose while making more sense for the current stage

“For us, it’s all about stage appropriateness. We wanted to make sure we could build controls that can be implemented and enforced. The tailored controls were super valuable to us.”

Built-in Compliance Expertise

Laika’s built-in compliance expertise was a valuable resource for Pave throughout their Type 1 journey. Shawn helped the Pave team minimize complexity, move through workflows, and answer tough compliance challenges. 

“Shawn was our partner throughout this journey. We had someone equally invested as us in getting our report. He would shoot me an email unprompted about something related to our conversation he was thinking about. The level of quality is just such a valuable resource.”

In 5 weeks, the Pave team was ready to begin their audit process.

“It took us roughly 5 weeks from when we first started implementing controls to entering the audit kickoff meeting. We would have weekly check-ins with Shawn where we check off boxes and work with our engineer team to understand what needs to be done. Our architect was there for us the whole way through to make sure we were on track.”

1-week Audit Period

Pave worked with Laika Compliance LLC, a leading CPA firm specializing in SOC reporting under AICPA standards. Laika’s partnership with Laika Compliance eliminates the uncertainty of an audit process and streamlines every step. Unlike other audits, each step of the audit was visible directly through the Laika platform. 

During the audit process, Shawn was Pave’s first point of contact. Any request that came from the auditor was first passed through Shawn and then to the Pave team if necessary. In just 1 week, Laika Compliance was able to review, process, and draft a report.

“Shawn felt like a member of our company. Once in audit, he was that first line of defense between us and the auditor. He was so on it that he would only come to us with very targeted tasks so we would know what exactly we needed to provide.”

What’s Next?

Security is a top priority for Pave. As they embark on their SOC 2 Type 2 journey, they continue to update and evolve their compliance posture. The Pave team maintains 100% confidence in their program with Laika monitors. The platform automatically flags potential issues and provides suggestions for risk mitigation.

As Pave continues to grow, Laika stands by to answer questions and provide guidance on how to shape the future of Pave’s compliance. 

“Security and compliance is in Pave’s DNA. Their commitment to keeping data secure goes beyond the check-the-box mentality and extends into the way they run their business. I have no doubt that Pave will continue to provide their customers with the highest level of security, and I’m excited to be working alongside them.”

Shawn Studholme, Compliance Architect at Laika