.svg){kind=logo}
When Fragment Data Technologies, an AI data infrastructure company building for the enterprise, started moving upmarket, security stopped being a "nice to have" and became the first serious checkpoint in every deal.
Prospective customers weren't only asking what Fragment Data could build. They wanted assurance that the company could protect sensitive data, tightly control access, and pass formal vendor reviews without friction.
The founding team, Pranav Mulgund (CEO) and Naveen Kashyap (CTO), already operated with strong security habits. AWS was locked down. MFA was enforced. Access controls were in place. But enterprise buyers don't buy habits. They buy evidence.
To sell to larger customers without slowing down engineering or hiring a full-time compliance lead, Fragment Data partnered with ComplyJet to formalize its controls and implement a structured compliance program across SOC 2 and ISO 27001.
Let's take a closer look at Fragment Data, what they built, and how they moved from ad-hoc security explanations to enterprise-ready proof.
Company Overview
Fragment Data Technologies builds modern data infrastructure designed for the AI era. Their platform supports fast-moving teams working with AI workloads where reliability, traceability, and security are non-negotiable.
As enterprise conversations accelerated, a new challenge emerged: proving security maturity in a way procurement and risk teams would quickly accept.
Documentation lived in multiple places. Evidence collection was manual. And every new prospect triggered another round of "walk us through your security posture" calls.
Fragment Data needed a way to convert what they were already doing into a repeatable, audit-ready story, without pulling founders away from product and customers.
Challenge
Fragment Data was engaging with enterprise prospects that required formal security validation before moving forward.
As those conversations became more serious, expectations became more formal. Buyers wanted:
- Verified SOC 2 compliance
- A clear path to SOC 2 Type II for ongoing assurance
- A roadmap for ISO 27001 certification
- Evidence that controls were operating consistently over time
For a small team, this is where things usually break. The work becomes manual. Evidence gets scattered. Controls get interpreted each time differently. And compliance starts competing directly with product velocity.
Fragment Data couldn't afford that tradeoff. They needed compliance to run as a system, not as a side project.
The Environment
Fragment Data's foundation included:
- AWS for production infrastructure and security controls
- GitHub for code, version control, and engineering workflows
With fast shipping cycles and increasing enterprise scrutiny, compliance couldn’t be treated as something to “catch up on later.” It needed to be continuously visible and ready to validate at any point.
The Turning Point
Fragment Data partnered with ComplyJet to centralize compliance and eliminate the guesswork that usually slows teams down.
Instead of answering security questions from memory and patchwork documentation, they gained:
- A structured control framework mapped directly to AWS and GitHub
- Automated evidence collection that removed manual chasing
- A single, organized repository for policies, controls, and audit artifacts
- Support coordinating the audit process end-to-end
This shifted compliance from reactive to repeatable. Security stopped being something they had to “explain.” It became something they could demonstrate.
The Solution
ComplyJet helped Fragment Data operationalize their security posture with a system designed for lean teams.
Automated workflows
- SOC 2 Type I readiness is connected directly to their real environment
- Continuous monitoring to support SOC 2 Type II readiness
- Evidence collection without spreadsheets and screenshots
Centralized evidence
- One source of truth for controls, documentation, and audit trails
- Mapping across SOC 2 and ISO 27001 to avoid duplicated work
Hands-on support
- Practical guidance on control interpretation and implementation
- Audit coordination, including scoping, evidence mapping, and auditor requests
- Readiness checks to keep timelines predictable
Instead of turning the founders into compliance operators, ComplyJet acted as an extension of the team, keeping progress moving while the company kept shipping.
The Impact
With ComplyJet in place, Fragment Data established formal compliance proof without adding headcount or slowing down product development.
Clean report, zero findings
They received a SOC 2 Type I report with zero findings, within weeks of kickoff.
Tens of hours back
No compliance hire. No expensive consultants. Automated evidence, along with the AI agent, carried the heavy load.
One framework turned into three
SOC 2 Type I → SOC 2 Type II → ISO 27001, within five months. ISO 27001 was an add-on, not a restart.
Security stopped slowing down deals
With a Trust Center and an audit report, they moved from explaining security posture on calls to sharing a link and moving on.
The upgrade happened in Slack
This part matters. The CTO asked in Slack: “Do we have SOC 2 Type II yet?” We shared the order form. It was signed the same day. That's what happens when the first experience is low-friction, and the team trusts you.
Timeline
A clear path from onboarding to multi-framework readiness:
- September 2025 – SOC 2 Type I kickoff
- October 2025 – Evidence review completed
- October 2025 – SOC 2 Type I report issued with zero findings
- October 2025 – Trust Center launched
- February 2026 – ISO 27001 added
- February 2026 – SOC 2 Type II started
Customer Testimonial
Looking Ahead
Fragment Data now uses ComplyJet not just to complete audits, but also to stay continuously ready as it scales to meet increased enterprise demand.
As new systems, vendors, and controls are introduced, evidence stays up to date without becoming manual work. Internal reviews are clearer. External validation is faster.
When the next enterprise buyer asks for proof, Fragment Data doesn't scramble. They're ready.
With ComplyJet in place, security is no longer a blocker to growth.
It's built into Fragment Data's operations.
