Planday – ISAE 3000 | SOC 2

Summary
Planday is a technology company that helps businesses move away from cumbersome, manual scheduling processes, and into ways of working that make the interaction between hourly employees and their workplaces real-time and collaborative. Operating across the UK, Europe, and the USA, with over 200 employees and driven by a growth-centric business model, it was important to look at obtaining the ISAE 3000 assurance report. This report is a demonstrable commitment from Planday to its customers and other stakeholders about the importance of data privacy and the value of information and cybersecurity in their strategy, governance, and their day-to-day operations. 

For example, many of Planday’s customers are Kommunes, the political jurisdictions in Denmark. Kommunes require that their third-party suppliers are able to demonstrate that independent controls are in place for IT security and validate the integrity of systems to ensure the confidentiality and privacy of the information processed by that system.

Risklane offers services in the field of information security, risk management, and governance. In addition to advisory services and risk sourcing, Risklane offers software (SaaS) solutions that enable organizations to implement complex standards independently. Both solutions are focused on managing risk and improving performance. Risklane provides solutions for the management of risks and the implementation of ISAE 3402 (SOC 1), ISAE 3000 (SOC 2), ISO 27001, and ISO 9001.

Challenge
Planday has been engaging with Risklane since 2018, with the introduction of GDPR. Planday acknowledged the professional skill set that Risklane brought to the table and in early September 2020, Planday engaged with the team at Risklane to identify the existing processes and review all requirements against the SOC 2 control framework. Risklane’s team – Koen van der Aa, Vincent Man, and Bart van Wijck – were engaged and committed to helping Planday through every step of the process. They helped Planday understand how to align processes to the control framework effectively, and how to evidence their risk management framework and strategy accordingly.  

Solution & results
Through an extensive series of interviews and workshops with the Risklane team, Planday was in a good place and ready for the full audit to commence on November 4, 2020. Planday has successfully implemented SOC 2 which helps them to demonstrate continuous improvement by iterating over their processes, strengthening their risk management, and informing their information and cybersecurity strategy and roadmap for 2021. In May 2021, Certicus Ltd. performed the SOC 2 Type II audit successfully.