Crossbeam Seeks Auditing Firm that Utilizes an Audit Automation and Compliance Management Platform

by: A-LIGN 3 min

A need for audit automation

Chris Castaldo, Crossbeam’s Chief Information Security Officer (CISO), is a forward-thinking, tech-savvy, experienced professional. Crossbeam, a partner ecosystem platform that helps companies build more valuable partnerships by examining data overlap with the promise of keeping data private and secure, brought Chris on as their first CISO and overall security hire. Although the company earned one SOC 2 report, Chris didn’t feel their current auditing firm was the right fit for their start-up.

“A SOC 2 report is paramount for building customer trust in how we handle our client’s data, especially for our large, enterprise companies,” said Chris. “Being a relatively small start up with an emerging security department, I knew we needed the assistance of an audit platform to maximize impact and better manage resources.”

When I began my search for an auditing firm, I had several prerequisites. I needed the firm to have a deep understanding of how controls are applied, ability to scale with Crossbeam’s growth, and a technology component capable of conducting multiple types of audits.”

Chris Castaldo

Crossbeam’s Chief Information Security Officer (CISO)

Finding the right fit

Chris began his search for an auditing firm who could provide a Software as-a-Service (SaaS)-based platform to centralize evidence collection, standardize compliance requests across multiple security frameworks, and consolidate audits to improve productivity while reducing required resources. As someone with a great deal of experience in cybersecurity and compliance, Chris was uninterested in simply working from spreadsheets and email communications as he didn’t have access to resources such as project managers or an internal audit team.

“When I began my search for an auditing firm, I had several prerequisites,” said Chris. “I was looking for a firm familiar with cloud technology, and auditors able to apply standards geared toward datacenters. I needed the firm to have a deep understanding of how controls are applied, ability to scale with Crossbeam’s growth, and a technology component capable of conducting multiple types of audits.”

In his past roles, Chris had been the recipient of A-LIGN’s reporting while reviewing vendor security and was impressed with the level of detail included in the documentation. Chris contacted A-LIGN and after speaking with an account manager, realized immediately that the auditing firm met all of his prerequisites. “Once I decided that A-LIGN was the best fit for Crossbeam, the buying process could not have been easier,” said Chris.

Earning a SOC 2 report utilizing compliance management

As soon as Crossbeam partnered with A-LIGN, they kicked-off their next SOC 2 Type 2 examination process and Chris’ team was introduced to A-SCEND, A-LIGN’s audit management platform. During the assessment process, A-SCEND helped to organize information and streamline the examination, ultimately allowing Chris to reallocate his time to more strategic initiatives.

“I was very happy with A-LIGN and the entire kick-off process,” said Chris. “Their auditor was very knowledgeable and communicative, check-ins went well, the project management team was on the ball, and A-SCEND provided transparency into material due while making it easy to submit evidence.”

Chris was happy with his decision to strategically choose an auditing firm that utilizes an audit management platform. “A-SCEND made my job much easier and beat using a spreadsheet, hands down,” said Chris. “There wasn’t much planning required on my end and the tool made gathering evidence much more organized. I can’t imagine going back to the days of submitting hundreds of pieces of evidence as a manual process.”

With Chris’ lead and extensive compliance experience, Crossbeam successfully earned their second SOC 2 report.

Continuing with compliance

Crossbeam’s successful SOC 2 report has motivated the company to continue down the compliance path and earn additional cybersecurity certifications. “A-SCEND greatly improved our audit experience and I’m now in the process of planning our next assessment,” said Chris. “Our SOC 2 report makes for a better narrative in our yearly report, painting a more complete picture of our environment and technical controls. I plan to earn our ISO 27001 certification to further provide trust to our clients and partners.”

Next steps

To learn more about how A-LIGN can help your organization through a variety of cybersecurity compliance assessments and audits, please visit
www.a-lign.com/services or complete this form and an A-LIGN expert will reach out to you within 24 hours.

About Crossbeam

Crossbeam is a partner ecosystem platform that helps companies build more valuable partnerships. The company acts as an escrow service for data, allowing companies to find overlapping customers and prospects with their partners, while keeping the rest of their data private and secure. For more information on how Crossbeam is changing relationships, visit crossbeam.com.