.svg){kind=logo}
.png)
When ImpactCraft, an AI-powered customer success platform, began landing serious conversations with enterprise customers in the US, one thing kept coming up: SOC 2.
ImpactCraft had built something genuinely valuable — an AI platform that automates long-tail account management where human CS coverage isn't economically viable. Their founder, Girish Phansalkar, a former McKinsey partner from the sales and marketing practice, understood exactly how enterprise buying decisions worked. And he knew that in 2025, security credentials were table stakes.
When a major US account opportunity came in — one where ImpactCraft was the clear front-runner — the only concern raised was the absence of a SOC 2 certification. The deal was real. The timeline was tight. The team needed to move fast.
The Challenge
ImpactCraft had solid security fundamentals. Their platform ran on Azure with a dockerized setup, used Bitbucket for source control, and leveraged Microsoft 365 for identity management. The foundations were there — but compliance readiness isn't the same as good security habits.
When they assessed their platform readiness, engineering was at roughly 50%. Policies weren't documented. An MDM provider wasn't in place. Several Azure diagnostic tests were failing. And there was no structured audit process or audit partner to work with.
Hiring a compliance team wasn't an option for a bootstrapped startup. And using a legacy tool like Vanta or Drata would have meant high per-seat costs and a slow, painful setup. They needed something that could move at startup speed — with real human support to help them cross the finish line.
Why ComplyJet
ImpactCraft chose ComplyJet for three reasons: native integrations with their existing stack (Azure, Bitbucket, Microsoft 365), a guided compliance workflow that gave the team clear tasks without needing a dedicated compliance person, and audit-bundled pricing that made the full SOC 2 journey affordable on a startup budget.
Getting set up was fast. Integrations were live the same day. Within hours, the platform had mapped ImpactCraft's existing controls, surfaced failing tests, and laid out a clear remediation path — so the team knew exactly what needed to be done, and in what order.
The Journey
Over the following weeks, ImpactCraft's engineering lead worked through the platform's task recommendations — fixing Azure diagnostic settings, setting up an MDM provider for device management, completing 15 security policies through ComplyJet's policy wizard, and conducting access reviews. ComplyJet's support team was available throughout via Intercom, with response times under 30 minutes.
Once the platform reached audit readiness, ComplyJet connected ImpactCraft with an independent auditor for their SOC 2 Type 1 audit. Evidence was organised inside the platform, the auditor had direct access, and the team didn't need to scramble for documentation.
The final SOC 2 Type 1 report was delivered in a few weeks.
The Results
ImpactCraft walked away with a completed SOC 2 Type 1 report, a live Trust Center to share with prospects, and a compliance program that monitors controls automatically — without any dedicated compliance headcount.
The enterprise deal that had been stalled by the absence of a SOC 2 report was now unblocked. And with their compliance program in place, ImpactCraft had a clear path to SOC 2 Type 2 and ISO 27001 when the next enterprise requirement came in.
"Thank you for guiding us through this journey."
— Girish Phansalkar, Founder & CEO, ImpactCraft
