How Brick Road Achieved SOC 2 Compliance with a No-Code Tool: A Journey of Innovation in Security

Written by Prescient Security | Nov 14, 2024 10:38:26 AM

Brick Road is a company that develops vertical SaaS solutions for industrial businesses, with a passion for distilling complex logic into simple code. They identify untapped opportunity within traditional industries and transform it into substantial value through strategic investment and partnerships. But as their client base grew, especially with larger enterprises, they realized they’d need SOC 2 compliance to maintain trust and meet the security requirements these clients expected.

 

Challenge

Simon Klobas, the Founder & CEO of Brick Road, strongly believes in the power of no-code tools. “No-code tools allow companies like ours to quickly launch and iterate on products without needing a dedicated development team,” he explains. However, this approach presented challenges for achieving SOC 2 compliance. Traditional compliance processes focus heavily on infrastructure and code management, which are managed differently in no-code platforms like Bubble.io.

Simon highlights another significant roadblock: integrating their no-code setup with existing GRC tools. Standard processes for tracking and proving compliance were designed for more traditional development environments, making the road to SOC 2 compliance difficult in a no-code environment.

 

Prescient Security's Approach

That’s where Prescient Security stepped in with an approach tailored specifically for Brick Road’s no-code infrastructure. 

Understanding Shared Controls

Prescient helped Brick Road map out which controls were covered by their no-code platform provider (Bubble.io) and which were their direct responsibility, helping them focus only on what they needed to manage.

Building a Compliance Roadmap

With a clear compliance roadmap, Brick Road knew exactly where to invest their efforts. This roadmap also helped them avoid redundant or unnecessary documentation, cutting down on audit time and cost. 

Streamlined Audit Process

Prescient’s focus on relevant controls reduced the audit’s scope, making the process more efficient and cost-effective for Brick Road.

Customized Documentation

Knowing that standard documentation wouldn’t reflect Brick Road’s no-code environment accurately, Prescient created materials tailored to showcase how Brick Road maintained security. 

Ongoing Support

With a focus on sustainable SOC 2 compliance, Prescient guided Brick Road on maintaining SOC 2 standards year-round. This expert guidance kept compliance requirements manageable as the company scaled.

 

Results

With Prescient Security’s compliance expertise in a no-code environment, Brick Road achieved substantial outcomes that prepared them for enterprise growth while managing compliance costs.

“Moving to no-code has been a game-changer for us in SOC 2 compliance. Thanks to Prescient’s guidance, we’re not only meeting enterprise-level security standards but have also streamlined our audit prep from three months to just six weeks.” - Simon Klobas, Founder @ Brick Road

  • Significant Cost Savings: Prescient’s approach cut Brick Road’s compliance expenses by up to 66% compared to traditional audits. Brick Road redirected these savings into product development and customer growth.

  • Improved Time Efficiency: Annual audits, once a drawn-out process, became significantly easier for Brick Road, reducing prep time to six weeks and giving them more bandwidth to focus on core business.

  • Enterprise-Ready: SOC 2 compliance opened the door to larger clients, allowing Brick Road to meet rigorous security requirements and enhance their credibility in the industrial SaaS market.

  • Scalability: Brick Road demonstrated that no-code solutions can be compliant and scalable, serving customers across 10 geographic regions.

 

What do we take away?

When asked about his experience, Simon Klobas (Founder & CEO at Brick Road) had this to say, “After three years of unconditional SOC 2 compliance, we’re breaking the stigma around no-code tools. We are proof that no-code can be scalable, secure, and fully compliant, meeting even the strictest enterprise standards. The work we’ve done with Prescient shows where software development is headed—toward a more accessible, compliant future.”

  1. No-code platforms can be SOC 2 compliant when properly managed and audited.

  2. Understanding shared controls is crucial for efficient compliance in no-code environments.

  3. Working with auditors experienced in no-code platforms can significantly streamline the compliance process.

  4. Compliance can be achieved without the need for large in-house security teams or expensive consultants when leveraging no-code platforms.

The partnership between Brick Road and Prescient Security highlights how no-code businesses can meet compliance needs without major trade-offs, setting Brick Road up for continued growth in enterprise SaaS.

 

About Brick Road

Brick Road is a technology development and consulting firm with a passion for distilling complex logic into simple code. Brick Road identifies untapped digital potential within traditional industries and transforms it into substantial value through strategic investment and partnerships.

Learn more at: https://brickroad.au/

 

About Prescient Security

Founded in 2018, Prescient Security has swiftly become a trusted name in cyber risk resilience, expanding its expertise nationally. Prescient is dedicated to enhancing cyber resilience and securing technology offerings. Their comprehensive security audits and assessments are bolstered by solid delivery processes and a team of advanced assessors, ensuring high standards of trust and efficacy for clients in an era of rapid technological change and economic challenges.