Kintent Reviews

TrustCloud provides a clearly defined process for working through the compliance process. Very user friendly and a quick onboarding process. The recommendations and clearly defined tasks to follow make it a 'no-brainer'.

There were no significant downsides that we found.

The Compliance process is complicated with a lot different requirements. I've gone through the process without tools (but with consultants) and it's a very time consuming process. TrustCloud streamlines the overall process.

The TrustCloud product is well-designed, cleanly laid out, and efficient in terms of the UX and the associations it makes instantly between people - controls - platforms. We loved the easy integrations with our existing platforms. Super slick. Love, love our page we show to clients and prospects in the financial services space where SOC 2 and other regs and controls are key - so nicely laid out, makes us look professional even tho we're new to this compliance angle. In addition, the conversations we had with the sales, onboarding and even design teams were helpful. They were engaged, understood our needs and were very open to our feedback. Would recommend to others in an instant - and have already. Plus, the free to onboard and get going toward SOC 2 compliance is a game-changer for a cash-strapped early-stage startup like us. Will be using their consulting services later on to help in areas where we need the specialized expertise.

The only hiccups in our experience were around initial onboarding and setup.

We are new to the compliance space, and the information architecture and nomenclature - controls, policies, etc - was new to us. After the initial sales call to get us started, we thought we could be able to figure it out on our own. Not quite.

We could have used a more step-by-step guide to key steps given how inexperienced we are at this and needed for financial reasons to do the self-serve option - such as taking us through an interactive demo for each of the major tasks and explaining what some of the terms mean.

Last, we did have to reach out a number of times to the sales team to get a response to our requests for help. We did try looking through the content on the site - which is good - to teach ourselves, but it was a bit overwhelming. Webinars were not as helpful as they might have been. In the end, we needed a few more 1-on-1 sessions to answer specific questions, and then we were able to finish up from there.

1. The specific compliance controls and management we need for our industry - SOC 2 compliance, privacy controls, data access controls, meeting minimum regs

2. Speed to onboard. We are an early-stage startup with a small team, no compliance specialists, limited bandwidth but need to move fast. TrustCloud helped us in all these areas.

3. Makes us look professional which is key to establishing trust in our industry

4. Educates us on compliance, which we need, and gave us items and processes we have now added to improve our compliance posture in real life

As with many startup teams, we don't have a ton of compliance expertise... so being able to see what the "full package" of SOC2 preparation looked like, and why, was absolutely key. Once we figured out how to navigate the interface (complex, but no more than it needed to be in my opinion), it was very straightforward... and when we did need help, their team was there to help on just about every level.

Still a little bit unclear what is absolutely essential for SOC2 preparedness versus nice to have.

SOC2 preparedness, easy and clear + well-organized documentation to share with our eventual auditor.

TrustCloud gives me a simple queue of work to complete to maintain our compliance program. Once we were setup, maintaining our status was simple.

We still have some manual steps where integrations don't yet exist.

Meeting our compliance requirements for HIPAA and SOC2.

Easy to use interface that helps you understand the full scope of the certification process.

The system is missing certain integrations, though I feel this will come over time to automate certain "proof" tasks.

Preparing for SOC 2 compliance, while tracking all of our cloud assets and centralizing all the information needed for an audit.

Navigating the areas of TrustOps is simple, with predictable navigation and a clean interface. Notifications are clear and concise, with exactly the levels of granularity our organization needs.

I wish Policy and SOP documents contained tables of references that allowed us to easily see where one update or change would affect other, related documents, and navigate to them more easily.

We are pursuing various compliance certifications, which means documenting our processes more thoroughly than we had. It's not enough to have great practices; they must be clearly documented, trainable, and reproducible. We attempted to use solutions that were not purpose-built, but for the amount and types of documentation we need to manage, none of those options were feasible.

All the controls are in a single location with the ability to distribute ownership to the right person. This coupled with automatic scanning for compliance makes maintaining security a breeze.

Still a few items like risk management checklist that are maintained outside of the product. It would be super helpful to incorporate into Kintent.

Keeping our Security posture and commitments to our customers current which is a framework for ensuring we maintain a top knotch security program.

With Kintent you can take their prescribed InfoSec controls for your compliance needs and modify them to accurately reflect your implementation while still leveraging the automated testing and evidence gathering. Additionally, you can add your own controls and tie these to the correct criteria in the compliance frameworks that you use. The integrations are fantastic, as they can be configured to import evidence from your various systems for testing the controls. Finally, the notifications give timely reminders on your program and the dashboard gives you a quick status update on your program

Kintent has many integrations, but I would like more. I would also love to be able to write my own automated tests. This feature is on the roadmap, but I am impatient.

Kintent is helping us keep on track with our SOC2 compliance as OM1 scales, ensuring we can keep our teams focused on their day-to-day activities and not spending time doing compliance activities.

It makes very easy to track compliance controls, know your current state.

It reminds you in advance of maintenance tasks.

Pre-built policy templates for things we didn't have in place yet.

Integrations to different systems so that controls can be checked automatically instead of having to create evidence ourselves.

I like having a Kintent as the source of truth on our current compliance state. It's our Source of Trust. I can't even imagine how this was done with spreadsheets before.

Most importantly, their incredible support team and how they guided us through the journey of our first certification.

Nothing. We were delighted with the initial service from zero to certification and still are very pleased during the maintenance phase.

It helps solve the burden of tracking compliance controls and their status. Not only the controls but also the systems, vendors and policies that we need to keep fresh.

Most importantly for us, given that it was our first certification, it also helps you get started giving you a framework to rely on and prebuilt templates for things we didn't have in place.

Automated tests for systems through out-of-the-box integrations and mappings to compliance and security standards make it straightforward for startups and SMB to get their programs into Kintent.

The platform is opinionated, but I do not actually dislike this. GRC platforms can start to look like spreadsheets with a DIY/configure everything/maintains everything approach to cater to every business. Kintent takes the view that security programs should be documented and detailed in a particular way which works very well.. provided you are willing to use the pattern.

Kintent helps us ensure our security program is consistently applied, has distributed ownership across the company, and is regularly tested.