While certifications for security management practices like SOC 2 and ISO 27001 have been around for a while, the number of companies that now request that their software vendors go through (and pass) the audits to be in compliance with these continues to increase. For a lot of companies, that’s a harrowing process, so it’s maybe no surprise that we are also seeing an increase in startups that aim to make this process easier. Earlier this month, Strike Graph, which helps automate security audits, announced its $3.9 million round, and today, Secureframe, which also helps businesses get and maintain their SOC 2 and ISO 27001 certifications, is announcing a $4.5 million round.
Secureframe’s round was co-led by Base10 Partners and Google’s AI-focused Gradient Ventures fund. BoxGroup, Village Global, Soma Capital, Liquid2, Chapter One, Worklife Ventures and Backend Capital participated. Current customers include Stream, Hasura and Benepass.
Shrav Mehta, the company’s co-founder and CEO, spent time at a number of different companies, but he tells me the idea for Secureframe was mostly born during his time at direct-mail service Lob.
“When I was at Lob, we dealt with a lot of issues around security and compliance because we were sometimes dealing with very sensitive data, and we’d hop on calls with customers, had to complete thousand-line security questionnaires, do exhaustive security reviews, and this was a lot for a startup of our size at the time. But it’s just what our customers needed. So I started to see that pain,” Mehta said.
After stints at Pilot and Scale AI after he left Lob in 2017 — and informally helping other companies manage the certification process — he co-founded Secureframe together with the company’s CTO, Natasja Nielsen.
“Because Secureframe is basically adding a lot of automation with our software — and making the process so much simpler and easier — we’re able to bring the cost down to a point where this is something that a lot more companies can afford,” Mehta explained. “This is something that everyone can get in place from day one, and not really have to worry that, ‘hey, this is going to take all of our time, it’s going to take a year, it’s going to cost a lot of money.’ […] We’re trying to solve that problem to make it super easy for every organization to be secure from day one.”
The main idea here is to make the arcane certification process more transparent and streamline the process by automating many of the more labor-intensive tasks of getting ready for an audit (and it’s virtually always the pre-audit process that takes up most of the time). Secureframe does so by integrating with the most-often used cloud and SaaS tools (it currently connects to about 25 services) and pulling in data from them to check up on your security posture.
“It feels a lot like a QuickBooks or TurboTax-like experience, where we’ll essentially ask you to enter basic details about your business. We try to autofill as much of it as possible from third-party sources — then we ask you to connect up all the integrations your business uses,” Mehta explained.
The company plans to use much of the new funding to staff up and build out these integrations. Over time, it will also add support for other certifications like PCI, HITRUST and HIPAA.
The web of collaboration apps invading remote work toolkits have led to plenty of messy workflows for teams that communicate in a language of desktop screenshots and DMs. Tracing a suggestion or flagging a bug in a company’s website forces engineers or designers to make sense of the mess themselves. While task management software has given teams a funnel for the clutter, the folks at Jam question why this functionality isn’t just built straight into the product.
Jam co-founders Dani Grant and Mohd Irtefa tell TechCrunch they’ve closed on $3.5 million in seed funding and are ready to launch a public beta of their collaboration platform which builds chat, comments and task management directly onto a website, allowing developers and designers to track issues and make suggestions quickly and simply
The seed round was led by Union Square Ventures, where co-founder Dani Grant previously worked as an analyst. Version One Ventures, BoxGroup and Village Global also participated alongside some noteworthy angels including GitHub CTO Jason Warner, Cloudflare CEO Matthew Prince, Gumroad CEO Sahil Lavingia, and former Robinhood VP Josh Elman.
Like most modern productivity suites, Jam is heavy on integrations so users aren’t forced to upend their toolkits just to add one more product into the mix. The platform supports Slack, Jira, GitHub, Asana, Loom and Figma, with a few more in the immediate pipeline. Data syncs from one platform to the other bidirectionally so information is always fresh, Grant says. It’s all built into a tidy sidebar.
Grant and Irtefa met as product managers at Cloudflare, where they started brainstorming better ways to communicate feedback in a way that felt like “leaving digital sticky notes all over a product,” Grant says. That thinking ultimately pushed the duo to leave their jobs this past May and start building Jam.
The startup, like so many conceived during this period, has a remote founding story. Grant and Irtefa have only spent four days together in-person since the company was started, they raised their seed round remotely and most of the employees have never met each other in-person.
The remote team hopes their software can help other remote teams declutter their workflows and focus on what they’re building.
“On a product team, the product is the first tab everyone opens and closes,” Grant says. “So we’re on top of your product instead of on some other platform”