Achieving SOC 2 Type 2 Attestation : How Boxo ensured Data Security and Compliance with Cyber Sierra

Location: Singapore

Solution: GRC

Boxo is a Singapore-based leading Super App platform that transforms any app into a comprehensive service hub. By integrating Boxo businesses can offer a wide range of functionalities such as e-commerce, bill payment, travel, and more all within a single app.

The platform enables you to seamlessly integrate various mini apps and enhances user experience and engagement. Dedicated to helping businesses launch new features quickly, Boxo provides users with an all-in-one digital solution, making it a valuable asset for businesses aiming to expand their service offerings efficiently.

Cyber Sierra assisted us in achieving SOC 2 Type 2 readiness by providing handy policies and procedures, making it easy for us to distribute them to employees and streamline evidence collection.

Lu, (Amy), Liu

Head of Engineering, Boxo

Challenge

As an enterprise handling sensitive data across industries like e-commerce, bill payment, and travel, Boxo recognized the need to fortify its security posture. Despite being ISO 27001 compliant, Boxo sought to augment its compliance stack and streamline the process of answering lengthy security questionnaires from enterprise clients.

Furthermore, with Boxo expanding in new geographies, providing additional assurance to clients and users about the security and privacy of their data became paramount. To enhance credibility, build trust, and demonstrate its commitment to robust security practices, Boxo aimed to achieve SOC 2 Type 2 compliance.

Solution

Having successfully attained its ISO 27001 certification using Cyber Sierra's platform, Boxo was well-acquainted with its unique features, including continuous control monitoring, vulnerability scanning, and third-party risk management. Building on this positive experience, Boxo approached Cyber Sierra once again to pursue SOC 2 Type 2 compliance.

Recognizing the significant overlap between the two security frameworks' policies and controls, Cyber Sierra's team of compliance experts collaborated with Boxo to identify and address any gaps in their existing policies and controls. This streamlined approach leveraged Boxo's prior efforts, ensuring an efficient and seamless transition towards SOC 2 Type 2 compliance.

Cyber Sierra seamlessly integrated SOC 2 Type 2 security protocols into Boxo's existing technology stack, empowering Boxo to streamline and automate the challenges associated with SOC 2 compliance. The platform's comprehensive built-in security policies' template enabled Boxo to effortlessly implement the mandated security controls, optimizing compliance management and evidence collection processes for its SOC 2 attestation.

"It was easy to acknowledge and review policies on the Cyber Sierra platform and share them with our team members for their understanding and acknowledgement. We use the platform regularly to scan our GitHub to identify security issues and mitigate them. Employee training is also a very useful feature.", added, Lu (Amy) Liu Head of Engineering, Boxo

Through Cyber Sierra's intuitive control mapping capabilities, Boxo significantly mitigated compliance fatigue by effortlessly aligning the controls of SOC 2 compliance standards with their existing security frameworks. This strategic approach not only optimized their compliance efforts but also facilitated the seamless integration of custom security standards into their operations.

This holistic approach facilitated efficient performance across compliance audits, ensuring a consistent and robust security posture.

Outcome

Leveraging Cyber Sierra's AI-enabled platform, Boxo achieved a remarkable feat by attaining its SOC 2 Type 2 attestation within an impressive 90-day timeframe. During the rigorous audit process, Cyber Sierra's real-time dashboard and audit-ready reports empowered Boxo to share compliance evidence swiftly and seamlessly, ensuring a streamlined and efficient audit experience. “The entire audit experience was smooth. We had help from the Cyber Sierra team throughout”, explained Amy.

By attaining compliance and securing certifications for two security standards, ISO 27001 and SOC 2 Type 2, Boxo has solidified its credibility as a trusted custodian of sensitive data. This remarkable achievement serves as a powerful testament to Boxo's unwavering commitment to robust security practices, bolstering its reputation and instilling confidence among clients, partners, and stakeholders alike, cementing its position as a trusted and secure provider of innovative solutions across industries.