We are thrilled to announce our next-generation billing and revenue automation platform has successfully completed an audit established by the American Institute of Certified Public Accountants (AICPA) to certify its SOC 2 compliance. This audit means we have the controls necessary to deliver enterprise-quality software for our global customers. Our clients can rest knowing their order-to-revenue workflow is underpinned by the highest quality standards.
Ordway’s SOC 2 audit verifies that an independent accounting firm reviewed and tested the company’s internal controls and confirmed that they meet the AICPA’s rigorous requirements for security, availability, and processing integrity. In this case, we worked closely with Aprio, LLP, a nationally recognized, CPA-led business advisory firm to conduct the audit. We're proud to say that Ordway achieved this accreditation!
Security, availability, and processing integrity are foundational for a billing and revenue automation platform
The Ordway billing and revenue automation platform is a flexible bridge between your CRM, business systems, and general ledger that actually accomplishes all the billing and revenue management tasks in between. By taking on such an important set of processes for your business, the Ordway system has to operate with utmost accountability to you and your stakeholders. The best way for us to do this is through a combination of our new approach to order-to-revenue automation, and our demonstrated control set which ensures we are operating effectively.
Ordway’s CTO Dax Abraham is always reminding us that keeping our customers’ data safe and secure is our highest priority. That is why he and the team instrumented a set of software development controls that mitigate risk and produce innovative, agile, and turnkey solutions for our customers.
That said, it isn’t just about software development. It comes down to an organizational mindset, from the top to the bottom, that is constantly aware of potential risk and striving to reduce or eliminate risk in all forms. Many of our Ordmates (what we call each other) who focus on tasks ranging from customer success to sales engineering come from “the Big 4.” As a result, controls, risk mitigation, and integrity are ever present in everything we do.
3 tips for managing your SOC 2 process (especially if you are running a lean, efficient organization like Ordway)
- Engage with a top firm for audit. You may pay a little more, but the quality of the guidance, coaching, and advice is worth it. In our case, Aprio had a structured approach to both help us document controls, as well as organize feedback and evidence gathering and testing. This saved us countless hours and stopped us from trying to “reinvent the wheel.” I’m sure they would be happy to walk you through their approach.
- Explore the build vs buy equation for asset management. We decided to invest in Rippling software (just for their IT/hardware management capabilities). We quickly standardized logical access controls, hardware configurations, antivirus protection, and hard drive encryption through their service. Standing up a team, or part of a team, to keep track of all of this doesn’t make sense for us. All we want to do is help solve customers’ sales-to-finance process inefficiencies to accelerate their order-to-revenue flow.
- Go as fast as you can, but not faster. Try to pace the project with regular check-ins and milestones. You want the team managing the project to celebrate mini-milestones along the way instead of trying to cram everything due to an impending deadline. Internal controls take time to develop and you can’t rush greatness.
Today’s SOC 2 attestation is just one more step towards achieving our goal of empowering Ordway customers to say ‘yes’ to more business, eliminating unforced errors, moving 70% of people off billing, closing the books up to 90% faster, and making decisions quickly with accurate revenue insights.