Written by: Aaron Pries, Technology Consultant
In today’s business landscape, achieving SOC 2 compliance is not just about checking off a regulatory box—it’s about ensuring the security and integrity of sensitive data while building trust with customers and stakeholders. BridgePeak Energy Capital, a growing financial services company, recognized the need for a strong security framework to meet industry standards and customer expectations. Shawn Andrews, Owner of BridgePeak Energy Capital, has now launched his second business that maintains SOC compliance. He understands the critical role compliance plays in earning customer trust, as well as the significant effort required to achieve it. Having worked with Xamin since 2012, Shawn returned to partner with us once again for his newest business venture.
The Challenge: Navigating the Complexities of SOC 2 Compliance
BridgePeak needed to achieve SOC 2 compliance to assure their clients and partners that their security controls met the highest standards. However, the process of preparing for an audit and implementing the necessary controls can be daunting. The company faced several challenges, including:
- Formalizing and testing their backup strategy
- Auditing and enhancing organizational policies and procedures
- Highlighting the strength of their security controls and incident response measures
- Conducting vulnerability scans and risk assessments
Recognizing these opportunities, BridgePeak reached out to us to help them navigate the compliance hurdles efficiently and effectively.
Xamin’s Approach: A Tailored Roadmap to Compliance
We assessed BridgePeak’s security posture and developed a practical roadmap for achieving SOC 2 readiness. Our approach included:
- Security Assessment: We conducted a comprehensive gap analysis that not only documented their existing security strengths but also highlighted additional, cost-effective controls to bolster their defenses and create a layered security framework that enhances resilience against evolving threats. By building on these strong foundations, we prioritized remediation efforts to enhance their overall security posture while reinforcing what was already working well for ultimate efficiency.
- Policy & Procedure Development: We worked closely with BridgePeak to implement additional security policies aligned with their SOC 2 requirements.
- Technical Enhancements: The team recommended several security control enhancements to complement their existing controls, including multi-factor authentication, backup enhancements and testing, and VPN hardening configurations.
- Audit Readiness Support: We assisted BridgePeak in preparing audit documentation and stood by ready to assist with auditors for real-time support.
Beyond SOC 2: Strengthening Security and Cyber Threat Readiness
As we collaborated with BridgePeak, we recognized opportunities to build upon their strong security foundation with additional enhancements to further fortify their cyber resilience. Embracing a proactive approach, BridgePeak confidently expanded their scope to address:
- Data Store Architecture: Redeveloping their SharePoint cloud storage architecture to better align with Microsoft’s new security recommendations and enhance permission auditing.
- Branding Refresh: BridgePeak (formerly Palmetto) updated their company name and branding to distinguish themselves as a leader within the industry and enhance their market presence. We assisted in transferring their domain and digital assets to their new brand identity to ensure a seamless user experience and minimal productivity loss.
- Cyber Insurance Readiness: With the necessary enhancements implemented, our experienced Client Experience team assisted BridgePeak in successfully completing their cybersecurity insurance renewal verifications to ensure the company remains fully covered and compliant with current insurance requirements.
The Results: A Stronger, More Secure Future for BridgePeak
With our help, BridgePeak has made significant progress with their SOC 2 compliance journey, laying a solid foundation for their certification, and enhancing trust with clients and regulatory bodies. Their strengthened security framework has positioned them for long-term success by:
- Bolstering their cybersecurity culture and minimizing the risk of data breaches
- Enhancing operational efficiency through improved security policies
- Positioning the company for potential reductions in cyber insurance premiums by demonstrating strong risk management practices
BridgePeak’s journey with us highlights how a strategic approach to compliance readiness can go beyond preparing for an audit—it can drive meaningful security enhancements that safeguard an organization’s future and foster a strong partnership in technology as the world of cybersecurity continues to evolve.
Whether your company is just beginning its compliance journey or working to strengthen its cybersecurity posture, partnering with our experts can make all the difference. Talk to us today about how we can partner together to help you achieve your technology and compliance goals!