SOC 2 Audit Case Study: Honorlock | Shujinko
Honorlock Relies on Shujinko for Smooth, Automated Cloud Security and Privacy Audit Process
“One of the best parts about AuditX was how easy it was to coordinate activities and make sure we had all our bases covered. Team members could just sign in, filter by name, and know exactly what they were responsible for, where it was in process, and how to get to the next step.”
– Aubrey Sepko, Director of Client Experience, Honorlock
Coordinates and orchestrates the audit process, helping even inexperienced teams quickly achieve readiness
Shaves 30% or more off engineering time and resources by automating evidence collection
Ensures evidence is accurate and comprehensive across cloud and SaaS infrastructure
Grows and evolves through continuous addition of new features and functionality
In this audit case study example, Honorlock, a provider of online proctoring solutions for schools and universities, approached its second SOC 2 certification with a new compliance team. By leveraging Shujinko’s AuditX to simplify, automate and manage the process, the company sped through certification, shaving more than 30% off its completion timeline.
Embracing Online Data Security
Honorlock helps hundreds of educational institutions protect academic integrity while improving the online testing and examination process. With schools and universities increasingly embracing online education, the company is seeing more demand for its services than ever.
As an organization committed to online integrity, Honorlock needs to show these institutions it’s serious about security and privacy of student data. The company had already achieved its first SOC 2 certification, and when it came time to renew, it decided to add the Privacy Trust Principle to further showcase its commitment.
Yet as a fast-growing organization, Honorlock had many new people, systems and processes in place since its last audit. In particular, some members of the team charged with managing the SOC 2 compliance audit had never led a certification before.
“As soon as we got into the process and began reviewing spreadsheets, our heads started to spin,” says Aubrey Sepko, Director of Client Experience at Honorlock, who managed the process along with the company’s Director of QA, Aubri Schilf. “I looked at Aubri and we both concluded this was going to be challenging.”
Gathering of audit evidence fell on the technical team, and Honorlock’s CTO at the time, Wade Billings, had been through his share of audits before – so he recognized how much of a drain it represented on product and engineering resources. “Process improvement, as well as our internal and external stance on security is always our top priority. But as an organization we depend on innovation; having to pull critical team members off those development projects so they can take screenshots and record configuration data is far from ideal,” he notes.
Honorlock thus had an audit team that desperately needed guidance to simplify and clarify the process, and a technical team that wanted to gather the right evidence for certification as quickly as possible.
Fortunately, they were introduced to Shujinko’s AuditX.
Coordinating Audit Readiness
“I’ve been through multiple audits at larger organizations, and even they lacked tools like AuditX. We had dedicated people and monster issue trackers, and it was a huge headache. AuditX was a godsend in eliminating the guesswork for Honorlock, and something that would have saved a ton of time and effort in the past.”
– Wade Billings, former CTO, Honorlock
AuditX is purpose-built software that automates audit preparation, evidence collection and readiness. With AuditX, organizations can complete the compliance audit process 3x faster, easier, and with much greater predictability and visibility. Honorlock was especially eager to leverage Shujinko’s automated evidence collection and knowledgeable support team to make the audit process as quick and painless as possible.
“After realizing the knowledge and clarity Shujinko would bring to the audit process during an early call, we were like ‘just sign the damn paperwork’,” explains Sepko. “Aubri and I couldn’t get AuditX fast enough; we knew we absolutely needed this to tackle the certification.”
Sepko liked how AuditX helped prioritize, orchestrate and track audit tasks among various team members across departments. “It was nearly impossible to assign and manage all the tasks using spreadsheets,” she says. “One of the best parts about AuditX was how easy it was to coordinate activities and make sure we had all our bases covered. Team members could just sign in, filter by name, and know exactly what they were responsible for, where it was in process, and how to get to the next step.”
Honorlock also benefited from the reporting in AuditX, which made it easy for executives, the team and external auditors to see status – and understand opportunities for quick victories. Moreover, the tool made it simple and fast to coordinate with the audit firm on particular tasks. “The auditors would hop in, change status or provide feedback and let us know we still needed to do X, Y or Z to move things along,” says Schilf.
In fact, in centralizing all communications and documentation, AuditX created an invaluable repository between Honorlock and its audit firm. “We’d load documents into AuditX and they had access to everything they needed,” she says. “We would have been sending thousands of links and emails back and forth, and eliminating all of that was a big benefit of using the platform.”
Automating Evidence Collection
AuditX not only helped Honorlock orchestrate the cloud compliance process, it also automated evidence collection and presented a familiar environment for the technical team.
“AuditX is reminiscent of other process tracking tools my team already uses, like Jira, making for a shallow learning curve and quick start,” says Honorlock’s former CTO, Billings. “More importantly the automated collection was key in saving our engineers their most precious commodity: time. We have a lot of different environments per account, so being able to just click a button and pull needed evidence is magical.”
AuditX automates the process of collecting that evidence from cloud and SaaS infrastructure – improving both speed and accuracy. The platform even gathers important metadata to help with audit completeness, and maps relevant evidence across controls, and even across standards, facilitating readiness and eliminating the need for multiple uploads.
Billings was impressed with the comprehensiveness of the wide range of collected data, and how well organized it was, noting that it ‘covered a lot more surface area’ than he would have expected. “That large surface area is super beneficial for us, because now the data’s all in our system. If there are questions or we need to understand gaps we don’t have to figure out what we need and pull it – it’s all just there,” he says.
Even though Honorlock is a relatively small organization and had previously conducted a SOC 2 audit, Billings still thinks AuditX cut the workload for his technical team by 30% or more. “I’ve been through multiple audits at larger organizations, and even they lacked tools like AuditX. We had dedicated people and monster issue trackers, and it was a huge headache. AuditX was a godsend in eliminating the guesswork for Honorlock, and something that would have saved a ton of time and effort in the past.”
Billings puts this in a larger context: “There’s often competition for engineering or DevOps attention, and it’s never good to have a conversation about ‘do we want to build new product code’ or does the team need to work on other things? Compliance is important, so using automation to sidestep those decisions on where to invest time was invaluable to us.”
Honorlock’s Sepko notes that working with Shujinko also saved the company a lot of heartburn. “I oversee customer experience, so I’m hypersensitive to organizational responsiveness. The Shujinko support team was not only incredibly knowledgeable and helpful in moving us through the audit, they checked every box in terms of adding the human touch to the overall experience.”
Having just completed its SOC 2 Type 1 audit in this audit case study, the company is already looking toward future certifications using AuditX. The team anticipates a Type 2 audit in a few months, and has already been in touch with Shujinko about future plans. “One of the things that’s been great in working with AuditX is how fast the platform is evolving, and how willingly Shujinko listens and incorporates feedback. We’re already discussing some new functionality that will help with our next audit,” says Sepko.
Going forward, Honorlock expects having a tool like AuditX to rely on for future audits will eliminate an opportunity cost for the service organization. “As we look to new markets and new geographies, ensuring compliance is a common thread,” notes Billings. “Lowering the audit barrier and being able to quickly adhere to shifting standards makes those new opportunities that much more feasible to pursue.”
As an organization that’s focused on integrity and innovation, Honorlock is quick to recognize a kindred soul. Notes Billings: “Turning a stressful, opaque and labor-intensive process into something we can efficiently manage with clear visibility and high confidence – that’s the advantage of having a tool like AuditX.”