More than a decade ago, Pratum helped a small marketing company then known as Colorfx pursue its first-ever SOC 2® report. With access to thousands of mailing addresses and other consumer information, the company’s reputation and future contracts relied upon proving its commitment to managing personally identifiable information (PII) securely.
Looking back, that first SOC 2® effort now looks like the foundation laid for a skyscraper. In the years since, Colorfx has grown into the Des Moines-based Mittera, with more than 2,000 employees and 16 acquisitions under its umbrella. As one of the nation’s top integrated marketing firms, Mittera offers clients integrated services including printing, mailing, content creation, data strategies and overall marketing plans. Today, the company maintains offices and plants in 12 states.
During Mittera’s rapid expansion into an enterprise-level organization, Pratum has been a constant in the company’s strategy. Ten years ago, Mittera hired Pratum as its vCISO, and Pratum’s consultants have provided guidance ever since on:
- SOC 2® compliance for new locations
- Integrating purchased companies into the security strategy
- Vetting partners’ security
- Answering clients’ security questionnaires
- Managing cyber insurance changes
A vCISO’s Long-Term Value
Even after massive growth, Mittera continues to utilize Pratum’s vCISO service rather than hiring an in-house CISO. VP of IT, Stephanie Kempf, cites two key reasons for maintaining the relationship currently led by Pratum vCISO Matthew McGill:
- Cost savings – “It would take a team of security professionals inside Mittera to duplicate what we get from Pratum. It’s not just Matthew. We can take advantage of all the skills and experience at Pratum. The cost to add all those capabilities in-house would be exorbitant.”
- Credibility – “It is advantageous for us to tell customers that we partner with a third-party security firm who takes a hard look at us and our processes and procedures.”
A key Pratum advantage is its ability to translate security messages into terms that make sense for every level of Mittera’s team. “Pratum’s consultants can interact with people from the CEO to the most technical network security engineers on the IT team,” Stephanie says.
Turnkey Responses To Security Requests
Pratum’s support has been especially crucial in managing a rising challenge for nearly every company: the flood of compliance questions from customers and insurance providers. Matthew from Pratum has created a set of standard answers that he uses to quickly respond to new questionnaires that arrive each week. In Mittera’s workflow, security questions automatically go to Pratum, with Stephanie’s team getting involved only as needed. “It’s completely hands-free and truly about as seamless as you get,” Stephanie says.
Matthew says, “We free up the IT team from security issues because we’re bringing in a specific security expert who knows how to work with these auditors. I live in the security questionnaire world, so I know what they’re trying to ask, and I know the language they’re looking for.”
As Mittera began documenting its security policies, they realized they had created an important sales tool. Matthew helped write a “Commitment to Information Security” document that the sales team now uses to establish a clear difference between Mittera and competitors with less mature data security programs.
“We have found that this one tool—just putting it on paper and sharing it with customers—diminishes customers’ fears greatly,” Stephanie says. “As we move into new markets, it’s becoming exponentially more important to prove that we’re protecting data.”
Evolving SOC 2®
Mittera’s SOC 2® journey began long ago, but every company that has gone through the process knows that it’s ongoing. Mittera’s SOC 2® efforts currently focus on bringing additional facilities into SOC 2® compliance, and Pratum’s partnerships have provided added value. Because Pratum and the accounting firm LWBJ have worked together on preparation and audit services for scores of SOC 2® engagements, Mittera experiences a smooth process between the teams. “I feel like all three teams are in it to win it together,” Stephanie says.
With Pratum’s help, Mittera is currently implementing a plan that will bring any new facility into SOC 2® compliance within the first year of joining the company.
Faster, More Secure Integrations
As Mittera manages a steady stream of acquisitions, the IT team must regularly integrate new systems arriving with unknown security postures. Pratum has helped develop policies to accelerate that process while maintaining security.
“In our latest acquisition, we did things we never would have done previously without Pratum’s help,” says Brian Cupp, Mittera’s director of IT systems and network. “For example, we deployed our antivirus solution on Day 1 this time, getting it in place even before we connected the rest of the networks together.”
Looking back on how Mittera has successfully scaled its work with Pratum, Stephanie encourages business leaders to consider how that kind of outsourcing can free up resources for other projects.
“Whether you work with Pratum on a small partnership or a very broad partnership, you will lift so much weight off your company’s shoulders by getting it to specialists,” she says. “We don’t have those skills on our team, and we’ll never choose to have those on our team because we have Pratum as a partner.”