Selection Process

1. Internal Prep
  • Define SMART360’s needs (SOC 2 Type II, timelines, budget range).
  • Decide evaluation criteria → e.g.,
    • Speed of implementation
    • Breadth of integrations (AWS, HRIS, ticketing, SSO)
    • Audit firm partnerships
    • Customer support responsiveness (Slack/email turnaround)
    • Pricing
    • Use of AI - How the process is carried out
    • Remediation assistance: does the platform help fix gaps, not just list work items?


2. Shortlist Top n Vendors


3. Outreach to Vendors / Demos

Send intro email asking for:

  • Product overview deck / one-pager.
  • Demo recording (generic demo, before live call).
  • Integration list (with systems like AWS, Okta/SSO, Jira, Slack, HR tools).
  • Pricing structure
  • Customer case studies / references (preferably B2B SaaS in U.S. with PII).


4. Live Demo / Discovery Call
  • Schedule 30–45 min demo with vendor rep.
  • Ask for a recording of your session → for internal sharing & review later.
  • Key focus areas during demo:
    • How integrations work (real example flows).
    • Evidence automation (AWS IAM, GitHub, HRIS).
    • Policy automation & flexibility.
    • Auditor partnerships (who do they work with).
    • Reporting/dashboards.
    • Manual work involved


5. Collect & Compare
  • Store all recordings, decks, and integration sheets in a shared internal folder.
  • Build a comparison sheet across vendors → features, integrations, timeline, support, cost.
  • Eliminate


6. Pricing Negotiations


7. Vendor Finalization





Outreach Template
Dear [Vendor Name] Team,

I hope this email finds you well. I'm reaching out on behalf of Bynry, a fast-growing B2B SaaS company (~40 employees) that develops Smart360, an all-in-one utility management platform. Our core platform handles customer PII data, including SSN, DOB, emails, addresses, and other sensitive information.

We're actively seeking a SOC 2 audit partner to help us achieve our first SOC 2 Type II certification within the next 4-5 months. As we serve enterprise customers and handle sensitive data, obtaining this certification is critical for our continued growth and customer trust.

To help us evaluate potential partners, we'd appreciate it if you could provide the following materials:

  • Product overview deck/one-pager - Understanding your service offerings and approach
  • Demo recording - A generic demonstration of your platform before we schedule a live call
  • Integration list - Compatibility with systems like AWS, GCP, Plane, Slack, and HR tools
  • Pricing structure - Transparent pricing for SOC 2 Type II audit and ongoing support
  • Customer case studies/references - Preferably B2B SaaS companies in the U.S. handling PII data

Additionally, I've included a brief questionnaire below to help us understand how your services align with our needs. We'd greatly appreciate your responses to help us make an informed decision.

Our key stakeholders (founder, tech lead, and product engineering director) are committed to moving quickly on this initiative, and we're looking forward to learning more about how you can support our compliance journey.

Thank you for your time, and I look forward to hearing from you soon.

Best regards