The challenge
A digital-lending NBFC needed SOC 2 Type II to close enterprise customer contracts. Their internal team had built a strong product but had never been through a formal audit. Existing security was ad hoc: a few tools, no documented policies, no continuous monitoring.
What we did
- Gap analysis against the SOC 2 Trust Services Criteria (Security, Availability, Confidentiality)
- Drafted 27 policies and procedures with the leadership team — written for their actual operations, not lifted from a template
- Deployed Wazuh-based SIEM with 24×7 monitoring run from our SOC
- Implemented Okta for SSO + MFA across 40+ SaaS apps
- Rolled out CrowdStrike endpoint protection on all employee devices
- Ran tabletop incident response exercises with leadership
- Coordinated directly with the Big Four auditor throughout the observation window
Results
- SOC 2 Type II achieved in 7 months, with no exceptions noted on the first audit
- Three enterprise customer contracts (combined ARR ₹14 crore) closed in the quarter following certification
- DivergeiX continues to operate the SOC under a managed-services retainer
Tech stack
Wazuh, Okta, CrowdStrike, AWS GuardDuty, Vanta, Slack