Discover how Mixpanel, a leading product analytics software company, leaned on Reciprocity’s Onboarding Services, resulting in an efficient implementation, fast adoption and a streamlined SOC audit.

All Eyes on SOC Prize

When Mixpanel’s security team was tasked with completing its first SOC Audit, the team got it done. While it was successful, it wasn’t exactly efficient, relying on manual processes and spreadsheets.

For our first audit, I acted as the middleman between the auditors and our company’s control owners. It was a constant game of requesting information, managing document formats and figuring out how to securely
collaborate. We made it work but I said, ‘Never again,’ thus starting our search for a GRC solution.

– Thomas Clark, Senior Information Security Manager with Mixpanel

One Platform for Compliance, Audit and Risk? Check!

Clark knew Mixpanel needed a comprehensive GRC solution to address immediate SOC audit requirements and better manage operational risk. While conducting research, Mixpanel discovered ZenGRC and wanted to learn more about the platform’s ability to support the company’s infosec team via a single, integrated user experience, leading Clark to reach out to Reciprocity for a product demo.

“Once we found ZenGRC, we engaged quickly with Reciprocity, ready to move – or so we thought,” adds Clark. “Our own internal procurement process stretched out to nearly a year, with the Reciprocity sales team sticking with us through multiple demos and stops and starts, proving their commitment to helping us elevate our GRC program.”

From Slow to Let’s Go

After purchasing the ZenGRC platform, the clock was ticking, with the kick-off to Mixpanel’s SOC audit just weeks away. Reciprocity’s Product Implementation team moved swiftly, streamlining the onboarding process with hands-on implementation and user training to deliver the fastest time-to-value.

“From getting our controls loaded into ZenGRC, to assisting with single sign on and Slack integration, the support we received from Reciprocity is the number one reason we were up and running so quickly and efficiently,” continued Clark.

Third-party Auditors Off and Running

One of Mixpanel’s primary business objectives was to streamline its audit process, allowing third-party auditors and control owners to work together more effectively. The integration with Slack proved critical for Mixpanel, allowing individuals to comment on audit-related tasks and evidence, then kicking off a dialogue within Slack for fast feedback and remediation.

“Our auditors were already familiar with ZenGRC, having used the solution with other clients,” Clark added. “There was no ramp-up needed, they simply asked for log-in rights and were off to the races – an early sign of efficiency gains to come.”

25% Reduction in Audit Effort, Time

Reciprocity’s ZenGRC platform has streamlined Mixpanel’s SOC audit process, eliminating the need to manually collect data, track documentation and follow-up on evidence requests – reducing time spent on audit-related activities by 25 percent.

“ZenGRC automates critical tasks and data sharing, doing the bulk of the work for us,” Clark shares. “We upload evidence, hit submit and know that the workflows will assign tasks and drive reviews and approvals through to completion – it’s that easy.”

Operationalizing Risk Management

Mixpanel is also using the ZenGRC platform for improved enterprise risk management, going beyond its traditional penetration testing to better identify, report on and remediate risk.

“We are increasing the KPIs we use to measure risk and this is where ZenGRC is really going to shine,” Clark continued. “Having a central repository where we see current risk status, actions taken and the controls in place, we leverage control from one risk towards another.”

A Foundation for Future Frameworks

As the company continues to grow, Mixpanel plans to look at other control frameworks and certifications, such as HITRUST. Having the ability to cross-map controls, rather than reinventing the wheel to collect evidence, will allow the organization to drive more compliance efficiencies with less effort.

“Adding more compliance certifications to our repertoire, opens up new business ventures to us and shortens our sales cycle,” concluded Clark. “As we expand our use of ZenGRC, the business value is only going to increase, earning its keep as a strategic asset that’s critical to our operations.”