Empowering the mission to protect the world’s information⚡️
Hiten Shah
Control — Accelerate and automate security & SOC2 compliance for free
Control solves compliance with one integration. SOC2, ISO 27001, PCI & more. No more complex legalese, writing policies or manually running endless checks across your systems. Accelerate & automate your security program and SOC2 compliance for FREE today.
Replies
Hiten Shah
This category of cybersecurity software is quickly becoming a no-brainer for companies of all sizes. Compliance requirements are written in legalese terms and require auditors to help with. Historically, compliance efforts were quite tedious and typically managed in spreadsheets. I’m really excited (and relieved) that software options now exist for managing compliance. At my startup, we completed our first set of compliance efforts before launch. Control by VGS has a generous free plan and I would recommend that every startup sign up now before you think you need to get on the path of getting compliant.
Jonathan Cordeau
We’re honored to be hunted by @hnshah. Thank you for the support! Hey Product Hunt! I’m excited to share Control with you. Over the years, as both a founder and product leader, security and compliance always seemed to delay and derail execution. I’ve seen multi-million dollar deals fall through because of non-compliance, or basic security missteps lead to major incidents (like employees getting scammed for gift cards). And don’t even get me started on consultants and spreadsheets. I have so many stories to share... That is why we built Control - to solve compliance with one integration. Control accelerates and automates SOC2, ISO 27001, PCI and more - so that you can build your company, not work on compliance. No more complex legalese, writing policies or manually running endless checks across your systems. At VGS, we’re on a much bigger mission though - to protect the world’s information. This means that we are relentlessly committed to delivering solutions for the ever-changing complexities of security and compliance. That’s why as a part of this launch, we’re offering guaranteed SOC2 compliance on Control for FREE. Just create an account, commit to real security, and we’ll take care of the rest. We’d love to hear your feedback, and if you have questions about Security/Compliance, let us know. My team and I will be around all day to help.
Ashik Wani
@hnshah @jonathancordeau : That's an amazing product and congrats for the launch!
Jonathan Cordeau
@ashik_wani #teamwork ... thank you for the support!
Parker Thompson
@hnshah @jonathancordeau congrats on the launch, the product looks rad!
Kumar Thangudu
When’s the best timing to adopt this product in a company’s lifecycle?
Jonathan Cordeau
Good question @datarade. Security can't be an afterthought. Getting a compliance certification (like SOC2 or PCI) is usually a goal that aligns with a forcing function like customer demand or a partnership/regulatory requirement. However, implementing a baseline security posture as early as possible not only puts important protections in place, but sets a company up for the compliance work that’s likely coming down the pipeline (i.e. reduce technical debt). Our goal is to meet companies where they are, and empower them to improve their security posture over time. Companies should be thinking about how to embed the right level of security into their workflows as early as possible. This is why we offer Security Foundations (https://bit.ly/2MWexPm) for free. So that any company, no matter the stage, can implement a baseline security posture. Then, when a company needs to obtain a compliance certification, most of the work is already done. You're building tons of awesome stuff @datarade. Have you ever been blocked by security/compliance?
Kumar Thangudu
@datarade @jonathancordeau I've used VGS's other products when I'm jammed up. Need to try out the control product.
Jonathan Cordeau
@datarade we're excited to continue to expand with you!
Will
Looks very interesting to help integrate good security into an existing or nascent technology platform. Can you guys add a glossary for all of the compliances and some content for when and why someone might want to start thinking about them though? There's just a lot of letters and numbers, and for someone who's not deeply into security as their main job it's not very accessible to know what they mean or when they apply 😅 PCI is something the general population probably knows, but everything else probably not.
Will Lippert
@boujeehacker Hi Will! That's a great question. I am part of the Control compliance team here at VGS, and I can help you out with that. In the most simple terms, many companies are seeking out SOC2 compliance because their business partners are contractually requiring it. When it comes to these contracts, unfortunately we all have to cave in and play the compliance game. The other frameworks are often required for one reason or another, and they are all designed to tell a story of your organization's security posture with varying interests in mind. With that said, our goal with Control is to make it so it does not entirely matter which cybersecurity framework from the "alphabet soup" your company is seeking. We make capturing audit evidence painless across multiple frameworks in one effort, and you can choose the one or more that suit your needs.
Steve Blentlinger
Many years in the payments industry building Payline Data has shown me how difficult compliance and security really are. There have been hundreds of millions if not billions spent by e-commerce companies, investors, and banks alike in the last 10 years to become and maintain compliance and deal with the fallout of non-compliance, breaches, and fraud. Having worked with the VGS team in the past, there is no one else I would trust to deliver. In an API driven world, this solution is a MUST HAVE for anyone looking to solve compliance with one integration.
Alexander Diatlov
Are you planning to add HIPAA in the future?
Jonathan Cordeau
@adiatlov HIPAA is available on Control today! The additional controls that apply to HIPAA are typically added to the SOC2 Security Trust Criteria, and leverage all the same automations. This allows you to demonstrate compliance using an industry standard reporting framework. This allows you to achieve a SOC2 + HIPAA report to save both time and cost.
Phillip
Customer data protection? I’m in!
Jonathan Cordeau
The last thing you need is another set of complicated rules/regulations/compliance to hold you back. We've got you covered @pakhzar!
Tom Stern
Love this...How hard is the switching cost on this for most engineering teams to adopt in terms of timeline?
James Berthoty
@bullstern Hey Tom! If you mean switching in terms of time to get acclimated to the tool, we typically see smaller companies get through SOC 2 Type 1 on Control without any new hires in about 2 weeks: just someone assigning tasks, looking at policies, and kicking off with the auditor, and then a devops person looking through the monitoring. It's super important to us that using Control means needing less compliance/security people, not more of them! If you meant switching from another vendor for compliance, we want to make that as easy as possible. From an integration/engineering standpoint, it's as easy as doing the integration steps (5 minutes). From an existing evidence standpoint, our compliance team typically will assist with a data migration from anything from a Dropbox folder to a complete GRC tool. We also make all of our Control mappings to the standardized AICPA framework open for any mapping you may already have done.
Max Prilutskiy
Looks great, best of luck! 👍
Jonathan Cordeau
@prilutskiy Thanks for the support, and for building a product we all love too!
Peter O'Malley
Compliance doesn't have to be a pain? 😍
Jonathan Cordeau
@peter_o_malley Nailed it! An organization's Security and Compliance should be an asset, not an anchor...maybe we should do an AMA where we just share horror stories?
Rajib Mazumder
Awesome
Bennett Carroccio
this is a total game changer. no consumer-facing platform wants to deal with compliance and now they don't have to... for free... from the all-star VGS team
Jonathan Cordeau
@bcarroccio we appreciate the support from you and the entire a16z team! We'll solve the security and compliance stuff, so that the companies you back can build enduring businesses unconstrained!
Nazko Panno
Good luck to you =)
Oleg Bolotnov
Great! SOC2 has been our bottleneck in negotiations with large companies. Thanks VGS for making such a smart move to relieve startups from real pain
Natalya Deyneha
So great!!!
Adam Bale
Love it! It's a game changer for the whole SOC2, ISO compliances.
Adam Ballai
Control is a great platform, really helping us get our compliance done with little overhead from our team!
Jonathan Cordeau
@adam_ballai appreciate the love. Right back at you! RevOps is a great platform, really helping us get our proposals done with little overhead from our team!
Mark Backman
Congrats on the launch, @jonathancordeau! Supporting multiple compliances is a killer feature!
Jonathan Cordeau
We agree @mark_backman! We believe that the only way to truly solve compliance with one integration...we do the hard work of interpreting all the complicated controls and then automating them, so that you can actually focus on building YOUR business!
Max Motkaliuk
So excited about Control changing the data security & compliance game! Way to go VGS 🚀