<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Compliance &#8211; New England Safety Partners, LLC</title>
	<atom:link href="https://www.newenglandsp.com/category/compliance/feed/" rel="self" type="application/rss+xml" />
	<link>https://www.newenglandsp.com</link>
	<description>New England Safety Partners, LLC</description>
	<lastBuildDate>Tue, 06 Jan 2026 16:41:16 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	
	<item>
		<title>SOC 2 Success Story: From Pressure to Proof</title>
		<link>https://www.newenglandsp.com/2026/01/soc-2-success-story-from-pressure-to-proof/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=soc-2-success-story-from-pressure-to-proof</link>
		
		<dc:creator><![CDATA[Ed Gardner]]></dc:creator>
		<pubDate>Tue, 06 Jan 2026 16:41:11 +0000</pubDate>
				<category><![CDATA[Compliance]]></category>
		<guid isPermaLink="false">https://www.newenglandsp.com/?p=19580</guid>

					<description><![CDATA[When a fast-growing call center technology company faced increasing pressure from enterprise and Fortune 500 customers, SOC 2 compliance became a business requirement rather than a nice-to-have. By partnering with New England Safety Partners, they achieved: &#x2714;&#xfe0f; SOC 2 Type I (Security &#38; Availability) &#x2714;&#xfe0f; Multiple successful SOC 2 Type II reports in subsequent years &#x2714;&#xfe0f; Stronger security [&#8230;]]]></description>
										<content:encoded><![CDATA[
<p>When a fast-growing call center technology company faced increasing pressure from enterprise and Fortune 500 customers, SOC 2 compliance became a business requirement rather than a nice-to-have.</p>



<p>By partnering with <strong>New England Safety Partners</strong>, they achieved:<br>✔ SOC 2 Type I (Security &amp; Availability)<br>✔ Multiple successful SOC 2 Type II reports in subsequent years<br>✔ Stronger security operations, training, and documentation<br>✔ Increased confidence from customers, auditors, and acquirers</p>



<p>The result? A repeatable, audit-ready security program and a smoother path through due diligence during a successful acquisition.</p>



<p>SOC 2 done right doesn’t slow growth. It enables it.</p>






<p><a href="https://www.newenglandsp.com/category/compliance/" data-type="category" data-id="20">Download the Case Study</a></p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>SOC 2 Compliance: More Than a Checkbox</title>
		<link>https://www.newenglandsp.com/2026/01/soc-2-compliance-more-than-a-checkbox/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=soc-2-compliance-more-than-a-checkbox</link>
		
		<dc:creator><![CDATA[Ed Gardner]]></dc:creator>
		<pubDate>Tue, 06 Jan 2026 16:21:41 +0000</pubDate>
				<category><![CDATA[Compliance]]></category>
		<guid isPermaLink="false">https://www.newenglandsp.com/?p=19578</guid>

					<description><![CDATA[SOC 2 isn’t just about passing an audit—it’s about earning trust. For growing companies, achieving SOC 2 compliance means proving to customers, partners, and investors that security, availability, and operational discipline are built into how you operate every day, not bolted on at the last minute. Done right, SOC 2 can: &#x2705; Shorten security questionnaires &#x2705; Accelerate [&#8230;]]]></description>
										<content:encoded><![CDATA[
<p>SOC 2 isn’t just about passing an audit—it’s about earning trust.</p>



<p>For growing companies, achieving SOC 2 compliance means proving to customers, partners, and investors that security, availability, and operational discipline are built into how you operate every day, not bolted on at the last minute.</p>



<p>Done right, SOC 2 can:<br>✅ Shorten security questionnaires<br>✅ Accelerate enterprise sales cycles<br>✅ Strengthen internal processes and accountability<br>✅ Demonstrate long-term commitment to protecting customer data</p>



<p>Whether you’re preparing for your first Type I or maintaining a mature Type II program, the key is treating compliance as an ongoing business process, not a one-time event.</p>



<p>Security builds trust. Trust drives growth.</p>



]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>New England Safety Partners works with Kolide on SOC2 audit</title>
		<link>https://www.newenglandsp.com/2022/06/new-england-safety-partners-works-with-kolide-on-soc2-certification/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=new-england-safety-partners-works-with-kolide-on-soc2-certification</link>
		
		<dc:creator><![CDATA[Ed Gardner]]></dc:creator>
		<pubDate>Tue, 07 Jun 2022 14:29:25 +0000</pubDate>
				<category><![CDATA[Compliance]]></category>
		<category><![CDATA[Press Release]]></category>
		<guid isPermaLink="false">https://www.newenglandsp.com/?p=16358</guid>

					<description><![CDATA[For Immediate Release 7 June 2022 Kolide receives a SOC 2 Type 2 Newton, MA – New England Safety Partners (NESP), an Information Security Consulting firm specializing in compliance frameworks, cloud security and business process analysis and implementation today announced that it has helped its client, Kolide, Inc., successfully complete the Service Organization Control (SOC) [&#8230;]]]></description>
										<content:encoded><![CDATA[
<p>For Immediate Release</p>



<p><strong>7 June 2022</strong></p>



<p><em>Kolide receives a SOC 2 Type 2</em></p>



<p>Newton, MA – New England Safety Partners (NESP), an Information Security Consulting firm specializing in compliance frameworks, cloud security, and business process analysis and implementation, today announced that it has helped its client, Kolide, Inc., successfully complete the Service Organization Control (SOC) 2 Type 2 audit for 2022.</p>



<p>Kolide is an endpoint security and device management company founded in 2016. Its SaaS solution helps organizations manage their employees’ devices in order to meet their compliance objectives. Indeed, Kolide was in the somewhat unique position of using its own product to prove compliance for SOC 2 certification.</p>



<p>The audit affirms that Kolide’s information security practices, policies, procedures, and operations meet the SOC 2 standards for security. These audits are key to demonstrating ongoing operation of critical security controls that are crucial for Kolide’s customers.</p>



<p>This marks the second time New England Safety Partners has assisted Kolide with compliance, after working on their SOC 2 Type 1 audit in 2022. Antigoni Sinanis, Director of Operations, described the experience:</p>



<p>“<em>I quickly got overwhelmed by the sheer amount of evidence I had to gather and the auditors suggested <a href="https://www.newenglandsp.com/">New England Safety Partners</a> to help us get audit-ready.</em></p>



<p><em>I chose NESP over the automated compliance support products out there, because they were local and it was important to me (pre-COVID) to be able to have face-to-face interactions, and feel like I was working with people who had a personal stake in our company. I met with them every week for three months, and they worked with me to gather the evidence I needed.</em>”</p>






<hr class="wp-block-separator has-css-opacity"/>






<p><strong>About New England Safety Partners</strong></p>



<p>Founded in 2013, and located in Newton, Massachusetts, New England Safety Partners has helped businesses of all sizes with comprehensive risk management services in cyber security and compliance management.</p>



<p><strong><em>For more information contact:</em></strong></p>



<p>New England Safety Partners<br>Edward Gardner<br><a href="mailto:edg@newenglandsp.com">edg@newenglandsp.com</a><br><a href="https://www.newenglandsp.com">https://www.newenglandsp.com</a></p>



<p>Kolide, Inc<br>Nick Fitzsimmons<br><a href="mailto:pr@kolide.co">pr@kolide.co</a><br><a href="https://www.kolide.com/">https://www.kolide.com/</a></p>



]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Assembled Financial Technology’s (AFT) new banking platform, anda, has achieved PCI/DSS compliance</title>
		<link>https://www.newenglandsp.com/2022/04/assembled-financial-technologys-aft-new-banking-platform-anda-has-achieved-pci-dss-compliance/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=assembled-financial-technologys-aft-new-banking-platform-anda-has-achieved-pci-dss-compliance</link>
		
		<dc:creator><![CDATA[Ed Gardner]]></dc:creator>
		<pubDate>Wed, 06 Apr 2022 13:21:07 +0000</pubDate>
				<category><![CDATA[Compliance]]></category>
		<category><![CDATA[Press Release]]></category>
		<guid isPermaLink="false">https://www.newenglandsp.com/?p=15960</guid>

					<description><![CDATA[For Immediate Release 4 April 2022 AFT’s anda is positioned to safeguard cardholder data Newton, MA – New England Safety Partners (NESP), an Information Security Consulting firm specializing in compliance frameworks, cloud security and business process analysis and implementation today is proud to announce that Assembled Financial Technology’s (AFT) new banking platform, anda, has achieved [&#8230;]]]></description>
										<content:encoded><![CDATA[
<p>For Immediate Release</p>



<p><strong>4 April 2022</strong></p>



<p><em>AFT’s anda is positioned to safeguard cardholder data</em></p>



<p>Newton, MA – New England Safety Partners (NESP), an Information Security Consulting firm specializing in compliance frameworks, cloud security, and business process analysis and implementation, is proud to announce today that Assembled Financial Technology’s (AFT) new banking platform, anda, has achieved PCI/DSS compliance! Compliance with the Payment Card Industry Data Security Standard (PCI/DSS) is a requirement for any merchant or processor of cardholder data.</p>



<p>The anda mission is to revolutionize banking through a crypto engagement platform that dramatically improves program economics while simultaneously delivering financial benefits to Latinos, a community in need of better financial solutions.</p>



<p>This milestone is critical to demonstrating that AFT’s anda is positioned to safeguard cardholder data, and has implemented policies and procedures to keep that data safe.</p>



<p>“NESP helped us navigate the PCI compliance minefield. We couldn’t have done it without them!” – Shahin Jahromi, AFT’s Chief Product and Technology Officer</p>



<p><strong>About New England Safety Partners</strong></p>



<p>Founded in 2013, and located in Newton, Massachusetts, New England Safety Partners has helped businesses of all sizes with comprehensive risk management services in cyber security and compliance management.</p>



<p><strong>About AFT</strong></p>



<p>Assembled Financial is a technology company that builds software products to improve the financial well-being of individuals and communities.</p>



<p><strong><em>For more information contact:</em></strong></p>



<p>New England Safety Partners<br>Edward Gardner<br><a href="mailto:edg@newenglandsp.com">edg@newenglandsp.com</a><br><a href="https://www.newenglandsp.com">https://www.newenglandsp.com</a></p>






<p>Assembled Financial Technology<br>9000 Sunset Boulevard Suite 1010<br>West Hollywood, CA 90069<br>(310) 695-1290<br><a href="mailto://hello@assembledbrands.com">hello@assembledfinancial.com</a></p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Pitfalls in Access Control</title>
		<link>https://www.newenglandsp.com/2016/02/pitfalls-in-access-control/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=pitfalls-in-access-control</link>
		
		<dc:creator><![CDATA[Ed Gardner]]></dc:creator>
		<pubDate>Thu, 25 Feb 2016 13:51:58 +0000</pubDate>
				<category><![CDATA[Compliance]]></category>
		<category><![CDATA[Cyber Security]]></category>
		<category><![CDATA[Monthly Security Awareness]]></category>
		<guid isPermaLink="false">https://www.newenglandsp.com/?p=7778</guid>

					<description><![CDATA[A primary goal of Access Control is to prevent loss, be it losses of confidentiality, information integrity or information availability.  It goes without saying that in order to protect your assets and information, you must explicitly control who and what has access.  (And sometimes when, where and how.)  Ideally, Access Control is well defined as [&#8230;]]]></description>
										<content:encoded><![CDATA[<p>A primary goal of Access Control is to prevent loss, be it losses of confidentiality, information integrity or information availability.  It goes without saying that in order to protect your assets and information, you must explicitly control who and what has access.  (And sometimes when, where and how.)  Ideally, Access Control is well defined as part of a comprehensive Security Policy, one that is clearly understood by the personnel bound by it.</p>
<p>A few pitfalls in Access Control:</p>
<ul>
<li>Not adhering to a Least Privilege strategy – Simply put, personnel and workstations are granted the least privilege necessary to perform their responsibilities and no more. A computer at a reception desk shouldn’t have access to critical organizational information. The same is true for a vendor who may legitimately need access to some area of an organization’s resources. Do not allow more access than is absolutely necessary.</li>
<li>Excessive Privileges or Creeping Privileges – This can happen when a manager moves from one role to another and, through oversight, retains access to assets of the initial role. Another example is where personnel have risen in an organization over time. As one gains increased privileges within the system, it may be awkward to remove access a person no longer needs to perform regular duties. Standing policies and regular reviews of access are good ways to reduce these vulnerabilities.</li>
<li>Allowing personnel to access critical information in less secure environments or on less secure devices – An organization may allow a junior executive to retain access to systems and information while on vacation in a foreign country. In all but the rarest circumstances, disabling such access reduces the risk of compromise. Likewise, mobile devices, by definition, aren’t always protected by an organization’s firewall. Train your personnel in what the organization requires, on site and off.</li>
<li>Single Factor Authentication – An Identity that attempts to access systems and information must be Authenticated. Authentication may be as simple as providing the right password for the Identity. This is sometimes referred to as “something you know.” A more secure Authentication strategy is Multifactor Authentication. This may include a small device you carry, also referred to as “something you have.” Biometrics is also a growing factor in Authentication, using unique aspects of an Identity, or “something you are.” Multifactor Authentication provides more secure Access Control than a single factor alone.</li>
<li>Not ensuring that accounts, keys and devices assigned to personnel leaving the organization are suspended and collected before the person leaves the premises. If the organization uses keyless entryways, change the codes at reasonable intervals and especially when someone leaves the organization.</li>
</ul>
<p>These are but a few of the pitfalls that comprehensive Access Control must address. NESP can help you with your policies, procedures and training. If you have any questions about reducing your risk from improper access, give us a call or send us an email today. We are here to help!</p>
]]></content:encoded>
					
		
		
			</item>
	</channel>
</rss>
