Case Study: SOC 2 Compliance for Destwin Energy Systems

Cybersecurity | GRC Platform

Achieving Security Excellence: SOC 2 Compliance for Destwin Energy Systems

The purpose of this INT Flex Security project was to achieve SOC 2 compliance (with a focus on the ‘Security’ Trust Service Criteria) for Destwin Energy Systems (Destwin). This initiative was a strategic expansion of Destwin’s security landscape, adding security compliance to the previous successful implementation of PCI-DSS compliance. The result reflects a holistic approach to data security and standards adherence.

The Client:

Destwin Energy Systems, a provider of cloud-based SaaS solutions for energy marketers, is known for its flagship product, the Destwin® Fuel Dealer Solution™ (FDS). Since its introduction in 2006, FDS has grown to offer comprehensive services, including account management, bill payments, transaction reviews, and fuel ordering, all of which require stringent data security measures.

The Problem:

Following the successful PCI-DSS compliance effort, which focused on secure payment processing, Destwin recognized the need to further strengthen its data security framework. The goal was to achieve SOC 2 compliance, a critical step in ensuring alignment with industry security standards and secure management of clients’ data. This was especially important given the sensitive nature of that data.

The Solution:

INT built on the resources and experience gained from the PCI-DSS compliance project. The team, in collaboration with the client’s staff, undertook the following steps:

  • Partnered with the GRC (Governance, Risk, and Compliance) platform vendor, Vanta, and a SOC auditor, similar to the strategic alliances formed during PCI-DSS compliance.
  • Implemented a new GRC platform, integrating it with the existing compliance processes. This integration reused resources from previous compliance initiatives, such as security policies and penetration testing results, to reach SOC 2 readiness quickly and efficiently.
  • Conducted SOC 2 audit preparedness activities, including documentation management and alignment of data security practices with industry standards, drawing on insights from the PCI-DSS compliance process.

The Results:

Destwin successfully achieved SOC 2 compliance with no critical issues identified during the audit. This accomplishment not only enhanced their data security practices but also demonstrated their continued commitment to aligning with industry standards. Building on the foundation laid by the PCI-DSS compliance, this achievement significantly boosted client confidence in their business practices, solidifying their reputation for data security and client trust.