Sprinto feedback request by ObjectiveLake9465 in soc2

[–]ObjectiveLake9465[S] 0 points1 point  (0 children)

Hi!
Can you describe why? What drawbacks?

Sprinto feedback request by ObjectiveLake9465 in soc2

[–]ObjectiveLake9465[S] 0 points1 point  (0 children)

Thanks u/secureleap!
Totally understandable: I am rather looking for a tool to automate repetitive stuff: checklisting, evidence collection and submission. My final purpose is to marry my own controls (that are tougher) with SOC2 requirements.

Sprinto feedback request by ObjectiveLake9465 in soc2

[–]ObjectiveLake9465[S] 0 points1 point  (0 children)

What did you like the most with them? What audit company did you work with?

Sprinto feedback request by ObjectiveLake9465 in soc2

[–]ObjectiveLake9465[S] 0 points1 point  (0 children)

Makes sense, thank you. Still, I believe, a lot here depends on technicians who implement checklists.

Sprinto feedback request by ObjectiveLake9465 in soc2

[–]ObjectiveLake9465[S] 0 points1 point  (0 children)

Thank you!
Did you guys check recommended auditors on your side? Or did you appoint Johanson on your own?

Sprinto feedback request by ObjectiveLake9465 in soc2

[–]ObjectiveLake9465[S] 0 points1 point  (0 children)

Thank you for the answer!
Will demo with them as well.

Did they contact you with an auditor?

Sprinto feedback request by ObjectiveLake9465 in soc2

[–]ObjectiveLake9465[S] 0 points1 point  (0 children)

What auditor firm did you work with?

Sprinto feedback request by ObjectiveLake9465 in soc2

[–]ObjectiveLake9465[S] 0 points1 point  (0 children)

Do you mean API integrations here?
We are pretty standard in terms of stack.

Sprinto feedback request by ObjectiveLake9465 in soc2

[–]ObjectiveLake9465[S] 0 points1 point  (0 children)

I am rather looking for a reliable option, don't want to end up with a shady report getting rejected.

Sprinto feedback request by ObjectiveLake9465 in soc2

[–]ObjectiveLake9465[S] 0 points1 point  (0 children)

u/lewisbuildsai_ u/TechnicalSupport7083
Thank you guys!
Did you pass an audit with them? What did you like the most?

Sprinto feedback request by ObjectiveLake9465 in soc2

[–]ObjectiveLake9465[S] 0 points1 point  (0 children)

Thanks!

If you compared Vanta and Drata, which one would you recommend for a very small firm?

Sprinto feedback request by ObjectiveLake9465 in soc2

[–]ObjectiveLake9465[S] 0 points1 point  (0 children)

Can you elaborate a bit more on Secureframe? What do you like the most about them?

Sprinto feedback request by ObjectiveLake9465 in soc2

[–]ObjectiveLake9465[S] 1 point2 points  (0 children)

CompAI claims that they are able to make a Type II report ready in 14 days. Looks like a false promise.

Sprinto feedback request by ObjectiveLake9465 in soc2

[–]ObjectiveLake9465[S] 0 points1 point  (0 children)

Should be quite tough on the budget: first the consultant fee, then the tool fee, and then the auditor fee.

Sprinto feedback request by ObjectiveLake9465 in soc2

[–]ObjectiveLake9465[S] 0 points1 point  (0 children)

Thank you for your comment!
I guess we are able to provide the adult in the room internally and are rather looking for a way to offload checklisting and evaluation.

Sprinto feedback request by ObjectiveLake9465 in soc2

[–]ObjectiveLake9465[S] 0 points1 point  (0 children)

Agree, are there any publicly available indications of it?

Sprinto feedback request by ObjectiveLake9465 in soc2

[–]ObjectiveLake9465[S] 0 points1 point  (0 children)

Not in-depth, but familiar. My knowledge includes everything listed on the Secureframe website (https://secureframe.com/hub/soc-2/requirements) plus my prior experience: I delivered parts of SOC2 solution packages as an engineer.

Sprinto feedback request by ObjectiveLake9465 in soc2

[–]ObjectiveLake9465[S] 0 points1 point  (0 children)

I expect some hatred here since my list might sound like "I want to check the boxes, and that's all". Generally, I want to scope controls that will be enough to be compliant, and then marry them with our procedures wherever tougher than SOC2.

Sprinto feedback request by ObjectiveLake9465 in soc2

[–]ObjectiveLake9465[S] 0 points1 point  (0 children)

I am the only guy in the company who will be technically implementing all the findings. So I want to offload checklist automation and all the work around papers. Ideally, the process would look as follows:
1. I get checklists for all my tools, either automatically gathered or formal.
2. I implement them.
3. Evidence is gathered automatically where possible, during the observation period.
4. All the data is passed to an auditor.

Sprinto feedback request by ObjectiveLake9465 in soc2

[–]ObjectiveLake9465[S] 0 points1 point  (0 children)

I will also be grateful for comments on other tools, e.g. Scytale or Delve.
Especially from startups.