We recently had the opportunity to sit down with Don Zereski, SVP of Engineering at Indico Data. Indico Data empowers its customers with real-time, actionable insights from unstructured data, enabling smarter risk assessments, more accurate claims evaluations, and more efficient policy management. Read on to learn how Carbide’s tech-enabled service offering provided expert guidance and tailored solutions, helping Indico Data streamline its compliance journey and achieve its ambitious and proactive security and privacy goals.
Video Transcript:
Tell us a bit about Indico Data and what you do.
I’m Don Zereski. I’m Indico’s SVP of Engineering. We help our customers process large bundles of unstructured documents by extracting all the nuggets of data that they need from those documents. Our primary customers are insurance companies and banks. They’re highly regulated industries, and extremely security and privacy-conscious. Our biggest challenge is living up to their lofty security and privacy requirements.
What was your experience working with Carbide like?
Working with Carbide, what we’ve been able to do is to build and operate a security program that lets us sell into extremely security-conscious businesses like banks and insurance companies. We’ve been able to do that without a full-time security team. The platform does a fantastic job in giving you all of the step-by-step tasks that you need to turn those policies into reality and to run a security program that meets the compliance requirements of SOC 2 and GDPR.
And being able to get through numerous questionnaires from banks and insurance companies and numerous audits from, banks and others. I don’t think we could have done it without Carbide.
The tool itself really provides you a fantastic roadmap of what you need to do to achieve compliance, for whatever security framework you pick. It gives you step-by-step tasks of what you need to do to build your program to satisfy one of those frameworks. We’ve had SOC 2 certification for four years and running and we have a growing roster of European customers – so GDPR is important to us, and ISO is of increasing importance to us.
How has Carbide’s Advisory services impacted your audit process?
Often it’s, once a year for a SOC audit, and then, at least a couple of customer audits a year. The Carbide tool does a great job of helping us prepare for those audits. It gives you really good guidelines on what kind of evidence you need to produce and gives you buckets to deposit the evidence into, and Carbide’s advisors complement the tool very nicely.
If prospects or customers ask questions about specific aspects of your security program that you’re unsure about or don’t have, the advisors are just an email away. They’re always incredibly responsive and ready to assist. If you’re a startup building enterprise software, I can’t imagine how you could grow, a security program without a tool like Carbide.
So, get policies in place early and get employees to sign off on them. Manage laptops by an MDM platform, and start building your security program slowly over time because as soon as you start making contact with very security-conscious customers, your security program and certifications like SOC 2 are going to become an absolute necessity.
We couldn’t sell to the customers that we service today without a SOC 2 certification, and there’s no way that we could achieve SOC 2 certification, without all the guidance that we get from Carbide. I mean, we literally could not walk in the door of an insurance company or bank without the security program that we have today that Carbide has been instrumental in building.
Share
