When it comes to data security and compliance, Syncron is setting new benchmarks in the SaaS industry. With an impressive track record, including “zero findings” in recent SOC audits and advanced automation processes, Syncron’s approach showcases both innovation and dedication. In this interview, Alex Korotkov, the company’s Chief Information Security Officer, discusses the journey behind these achievements, the role of AI, and what lies ahead for Syncron.
Alex, what is Syncron doing to ensure it meets the highest data security standards?
Alex Korotkov: At Syncron, we’re deeply committed to data security, and that’s reflected in the certifications we hold. We stay up to date with industry standards like SOC, ISO, Skyhigh, and G-Cloud. Beyond that, we routinely certify our products and operational processes to meet or exceed these benchmarks. Recently, we’ve achieved some significant milestones. All of our products are now covered by SOC 1 following the latest SOC and ISO audits. We also completed full recertification under the latest ISO 27001:2022 standard. On top of that, we received attestation for ISO 27017, which confirms we’re applying ISO 27001 principles specifically for cloud environments. These certifications reinforce our commitment to providing advanced, secure products and services.
What is the significance of Syncron achieving zero findings in the SOC 1 and SOC 2 audits?
Achieving zero findings in these audits is a big deal for us. Typically, when companies undergo these audits, they’ll have several findings to address. Having zero findings really highlights Syncron’s strong commitment to security and the effectiveness of our new automated audit processes. It’s also a clear signal to our customers about the high quality of our compliance efforts, which is something they highly value and require.
How has Syncron been able to achieve compliance more efficiently than in the past?
The key to our efficiency has been creating a centralized control library. This allowed us to streamline the entire audit process by consolidating compliance requirements and automating how we collect and verify evidence. Using our automation platform, Drata, we’ve been able to significantly reduce manual intervention, speeding up the process while ensuring accuracy.
You worked with an external partner. Can you explain this partnership and how it benefits Syncron customers?
Absolutely. We partnered with a leading audit firm to simplify and consolidate the compliance process. Instead of managing multiple regional audits, we now have one comprehensive annual audit. This single audit provides a clear and credible opinion on our compliance posture, which not only reduces complexity for us but also reassures our customers about the robustness of our processes.
What measures have been implemented to ensure that compliance audits are now consistently delivered on time?
To address past delays, we partnered with a centralized audit firm and automated most of our audit and compliance tracking processes. Thanks to these changes, we’ve actually delivered audits ahead of schedule for the first time in Syncron’s history.
Will Syncron be seeking FedRAMP compliance?
At the moment, we don’t have immediate plans to pursue FedRAMP compliance since we’re not serving government customers. That said, our automated audit system shows that we’re already partially compliant. If the need arises—if customers start requesting it—we can quickly ramp up our efforts in that area.
And what about TISAX certification?
TISAX certification is becoming increasingly important, especially in the German automotive industry. We recently conducted a TISAX self-assessment, and the results were very promising. Based on that, we’re planning to leverage our existing approach to achieve full TISAX certification in the near future.
You mentioned AI. What is its role in Syncron’s compliance and security processes?
AI is absolutely integral to our operations. It helps automate the collection and verification of evidence for audits. For instance, it can identify discrepancies between systems like Active Directory and Workday to ensure we’re compliant across multiple data sources. This not only reduces the workload for our team but also improves accuracy and consistency.
How does the AI-driven audit process work, and what are the benefits?
Our AI-driven system automatically checks samples from different systems to spot inconsistencies. This drastically reduces the amount of manual work required while improving the reliability of compliance data. The result is faster audits and more accurate, up-to-date compliance information ready for submission to auditors.
You also mentioned a “single control library.” Can you explain how this benefits customers?
The single control library centralizes all our compliance controls and maps overlapping requirements from different standards. This means we can handle compliance tasks more efficiently, avoiding duplication of effort. For customers, this translates to faster, more reliable compliance reporting with minimal disruption to their operations.
That sounds fantastic. What is the significance of the new “Trust Centre” that Syncron plans to launch in 2025?
The Trust Centre will be a centralized online portal where customers can access all of Syncron’s compliance information. It’s modeled after similar tools used by industry leaders like Microsoft and Amazon. By making this information readily available, we’re promoting transparency and building even greater trust with our customers.
Thank you very much, Alex!