By partnering with New England Safety Partners, they achieved:
SOC 2 Type I (Security & Availability)
Multiple successful SOC 2 Type II reports in subsequent years
Stronger security operations, training, and documentation
Increased confidence from customers, auditors, and acquirers

The result? A repeatable, audit-ready security program and a smoother path through due diligence during a successful acquisition.

SOC 2 done right doesn’t slow growth. It enables it.

#SOC2 #Compliance #CyberSecurity #StartupGrowth #EnterpriseSales #Trust

Download the Case Study

For growing companies, achieving SOC 2 compliance means proving to customers, partners, and investors that security, availability, and operational discipline are built into how you operate every day, not bolted on at the last minute.

Done right, SOC 2 can:
Shorten security questionnaires
Accelerate enterprise sales cycles
Strengthen internal processes and accountability
Demonstrate long-term commitment to protecting customer data

Whether you’re preparing for your first Type I or maintaining a mature Type II program, the key is treating compliance as an ongoing business process, not a one-time event.

Security builds trust. Trust drives growth.

23 August 2023

Alyce achieves critical information security milestone

Newton, MA – New England Safety Partners (NESP), an Information Security Consulting firm specializing in compliance frameworks, cloud security, and business process analysis and implementation, today announced that it has helped its client, Alyce, Inc., complete the Service Organization Control (SOC) 2 Type 2 audit for 2023, earning an unqualified opinion.

Alyce is the only Smart Gifting platform, enabling sales, marketing, and customer success teams to create memorable moments and greater impact through a relational, recipient-first approach to gifting. With an AI-powered platform and a global network of partners, Alyce bridges the physical and digital world of marketing and revenue generation so that enterprises can better engage prospects, customers, and employees while delivering measurable results. Alyce is a venture-backed, privately held company headquartered in Boston, MA.

The audit affirms that Alyce’s information security practices, policies, procedures, and operations meet the SOC 2 standards for security. These audits are critical to demonstrating the ongoing operation of critical security controls crucial for Alyce’s customers, especially those in highly regulated industries.

“We were grateful for NESP’s help navigating the SOC2 audit and providing support as our vCISO. Their help freed our team to concentrate on running the business and keeping it secure while they worked with our external audit partner to get through the evidence required to satisfy the control testing,” Says Brett Zucker, CEO at Alyce. “We’re looking forward to continuing our success!”

Founded in 2013 and located in Newton, Massachusetts, New England Safety Partners has helped businesses of all sizes with comprehensive risk management services in cyber security and compliance management.

For more information, contact:

New England Safety Partners
Edward Gardner
edg@newenglandsp.com
https://www.newenglandsp.com

Alyce, Inc
Peter Lorenco
press@alyce.com
https://www.alyce.com/

27 July 2023

H2O.ai receives a SOC 2 Type 2

Newton, MA – New England Safety Partners (NESP), an Information Security Consulting firm specializing in compliance frameworks, cloud security, and business process analysis and implementation today announced that it has helped H2O.ai., successfully complete the Service Organization Control (SOC) 2 Type 2 audit for 2023.

H2O.ai is a privately held technology company founded in 2011 and headquartered in Mountain View, California. H2O.ai is an open-source machine learning platform that makes it easy to build smart applications. They provide a fully managed artificial intelligence cloud infrastructure solution. Customers use the H2O.ai Cloud – Fully Managed platform to rapidly solve complex business problems and accelerate the discovery of new ideas.

The audit affirms that H20.ai information security practices, policies, procedures, and operations meet the SOC 2 standards for security. These audits are key to demonstrating the design and ongoing operation of critical security controls that are crucial for H2O.ai’s customers. “H2O.ai’s achievement is a significant step forward in their ongoing commitment to data security. Their dedication to protecting customer data and privacy is praiseworthy. As a consultant, it’s encouraging to see a company like H2O.ai leading the way in implementing robust security measures.” – Edward Gardner, Principal, New England Safety Partners.

“We’re incredibly grateful for the expertise and support provided by New England Safety Partners, LLC. Their team played an instrumental role in our journey toward this security milestone. Without their guidance, the process would have undoubtedly taken months longer. Their dedication and proficiency in data security are truly top-notch, and we’re fortunate to have partnered with them. This achievement is as much theirs as it is ours.” – David Epperson, CISO, H2O.ai

About New England Safety Partners

Founded in 2013, and located in Newton, Massachusetts, New England Safety Partners has helped businesses of all sizes with comprehensive risk management services in cyber security and compliance management.

For more information contact:

New England Safety Partners
Edward Gardner
edg@newenglandsp.com
https://www.newenglandsp.com

28 March 2023

H2O.ai receives a SOC 2 Type 1

Newton, MA – New England Safety Partners (NESP), an Information Security Consulting firm specializing in compliance frameworks, cloud security, and business process analysis and implementation today announced that it has helped H2O.ai., successfully complete the Service Organization Control (SOC) 2 Type 1 audit for 2023.

H2O.ai is a privately held technology company founded in 2011 and headquartered in Mountain View, California. H2O.ai is an open-source machine learning platform that makes it easy to build smart applications. They provide a fully managed artificial intelligence cloud infrastructure solution. Customers use the H2O.ai Cloud – Fully Managed platform to rapidly solve complex business problems and accelerate the discovery of new ideas.

The audit affirms that H20.ai information security practices, policies, procedures, and operations meet the SOC 2 standards for security. These audits are key to demonstrating the design and operation of critical security controls that are crucial for H2O.ai’s customers.

“The NESP team is the number one reason for the success of our compliance efforts.  They are professional, knowledgeable, helpful, and exceptional team players.  H2O.ai plans to continue to partner with NESP through our compliance journey of HIPAA, GDPR,  ISO, and FedRamp.” – David Epperson, CISO, H2O.ai

About New England Safety Partners

Founded in 2013, and located in Newton, Massachusetts, New England Safety Partners has helped businesses of all sizes with comprehensive risk management services in cyber security and compliance management.

For more information contact:

New England Safety Partners
Edward Gardner
edg@newenglandsp.com
https://www.newenglandsp.com

24 February 2023

Sense receives a SOC 2 Type 2

Newton, MA – New England Safety Partners (NESP), an Information Security Consulting firm specializing in compliance frameworks, cloud security, and business process analysis and implementation today announced that it has helped Sense Labs, Inc. (Sense) successfully complete the Service Organization Control (SOC) 2 Type 2 audit for 2023.

Sense Labs, Inc.’s (Sense) mission is to make all homes intelligent through its “fitness tracker for the home”, helping consumers save money and live more safely with more energy-efficient households. Founded in 2013 by pioneers in speech recognition, Sense uses machine learning technology to provide real-time insights on device behavior, even for those devices that are not “smart”. Consumers and Partners (Customers) rely on Sense for a wide range of uses including monitoring their home appliances, determining whether they left appliances running, and identifying major energy drains in their homes so they can substantially reduce their energy costs. Sense is headquartered in Cambridge, Massachusetts.

The audit affirms that Sense’s information security practices, policies, procedures, and operations meet the SOC 2 standards for security, availability, and confidentiality. These audits are key to demonstrating the design and operation of critical controls crucial for Sense’s customers.

“NESP was a tremendous help in our SOC 2 journey. They are deeply knowledgeable in the security domain and were able to provide extensive guidance and advice. They were incredibly responsive, proactive in pushing us forward in critical areas, and really acted as an extension of our team. They were hands-on in helping us craft policies and set up systems that strike the appropriate balance of rigor and overhead. On top of it all, they’re a joy to work with: pleasant, good-humored, and professional. I would wholeheartedly recommend them to anyone embarking on a compliance process.” – Ryan Houlette, Vice President Engineering, Sense.

About New England Safety Partners

Founded in 2013, and located in Newton, Massachusetts, New England Safety Partners has helped businesses of all sizes with comprehensive risk management services in cyber security and compliance management.

For more information contact:

New England Safety Partners
Edward Gardner
edg@newenglandsp.com
https://www.newenglandsp.com

23 February 2023

Silverbills receives a SOC 2 Type 2

Newton, MA – New England Safety Partners (NESP), an Information Security Consulting firm specializing in compliance frameworks, cloud security, and business process analysis and implementation today announced that it has helped Silverbills successfully complete the Service Organization Control (SOC) 2 Type 2 audit for 2022.

The Silverbills platform is an online platform that helps its clients age with dignity by managing bills securely. SilverBills is revolutionizing household bills using proprietary software and personal support. Instead of being inundated by bills, having to remember deadlines and writing checks, clients are enjoying life without these stressors.

The audit affirms that Silverbill’s information security practices, policies, procedures, and operations meet the SOC 2 standards for security, availability, confidentially, and HIPAA. These audits are vital to demonstrating the design and operation of critical controls crucial for Silverbill’s customers in healthcare. Additionally, a Type 2 attestation demonstrates that these controls are operating effectively, giving additional assurance that security is paramount to management.

“The NESP team’s expertise and guidance were invaluable in helping us navigate the complex requirements and ensure that we were compliant with all the necessary regulations. From the initial assessment to the implementation of necessary controls and policies, the team provided exceptional support every step of the way. Their thorough approach and attention to detail gave us the confidence we needed to pass the audits with flying colors.” – Vlad Mangeym, CTO, Silverbills.

About New England Safety Partners

Founded in 2013, and located in Newton, Massachusetts, New England Safety Partners has helped businesses of all sizes with comprehensive risk management services in cyber security and compliance management.

For more information contact:

New England Safety Partners
Edward Gardner
edg@newenglandsp.com
https://www.newenglandsp.com

As mentioned earlier, the Flipper Zero has a built-in sub-GHz radio that lets the device receive data (or transmit it, with the right firmware in approved regions) on the same wireless frequencies as keyfobs and other devices. Most traffic preemption devices intended for emergency traffic redirection don’t actually transmit signals over RF. Instead, they use optical technology to beam infrared light from vehicles to static receivers mounted on traffic light poles.

Perhaps the most well-known branding for these types of devices is called Opticom. Essentially, the tech works by detecting a specific pattern of infrared light emitted by the Mobile Infrared Transmitter (MIRT) installed in a police car, fire truck, or ambulance when the MIRT is switched on. When the receiver detects the light, the traffic system then initiates a signal change as the emergency vehicle approaches an intersection, safely redirecting the traffic flow so that the emergency vehicle can pass through the intersection as if it were regular traffic and potentially avoid a collision.

This seems easy to do, but it’s also very illegal. It’s called “impersonating an emergency vehicle,” and it comes with hefty penalties if you’re caught.

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2022-47986 IBM Aspera Faspex Code Execution Vulnerability
• CVE-2022-41223 Mitel MiVoice Connect Code Injection Vulnerability
• CVE-2022-40765 Mitel MiVoice Connect Command Injection Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2022-47986 IBM Aspera Faspex Code Execution Vulnerability
• CVE-2022-41223 Mitel MiVoice Connect Code Injection Vulnerability
• CVE-2022-40765 Mitel MiVoice Connect Command Injection Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.