Why We Partnered with Rippling - and What It Means for Your SOC 2 Audit

As independent auditors, we've sat across the table from thousands of companies preparing for their SOC 2. And we'll be honest: the audit itself is rarely the hardest part. The hard part is everything that comes before it — the scramble to pull evidence, the gaps in controls that only surface under scrutiny, and the months of back-and-forth that follow.

That's exactly why we're excited to announce our partnership with Rippling as an independent audit firm for their newly launched Rippling Automated Compliance platform.

What Makes Rippling Different

We’re extremely careful about which platforms we partner with. As a CPA firm, our credibility depends on maintaining independence. What impressed us about Rippling's approach is that compliance is built around what companies are already doing — not a bolted on check-the-box scramble to collect evidence.

Most compliance platforms require significant setup before they can collect a single piece of evidence. A company needs formalized processes in place related to system provisioning, device security, training, and people management all wired together first. Rippling already is that infrastructure for many companies, which means the evidence Rippling can provide is rooted in real company operations.

From where we sit, that changes the audit experience meaningfully. Rippling clients provide us with well-organized, continuously collected evidence. Which means they’re better positioned to respond promptly to evidence requests and they’re able to present complete and observable evidence from the beginning. Of course every company and audit is distinct, but RIppling provides our clients with a strong foundation for procuring and presenting the evidence we need.

Our Role in the Process

Rippling guides companies through evidence collection and control implementation. Our role, as always, is to serve as the independent third party — sampling that evidence, testing controls, and issuing a trustworthy SOC 2 report that a company’s customers and prospects actually rely on.

Independence matters more than ever before. A SOC 2 report only carries weight when it comes from an auditor with no stake in the outcome. That's us, and that's the relationship we've built with Rippling: They guide companies to collect the needed evidence, and we independently audit that evidence to write our opinion.

Who This Is For

Rippling is starting with the SOC 2 framework, and we've already worked with a cohort of their customers to complete their reports. New frameworks are coming soon, and we're excited to be part of the journey.

We're excited for what this means for the GRC industry and the companies getting compliant moving forward. Rippling helps companies collect evidence of how their company already operates. They guide early startups through setting up secure and automated processes that avoid data vulnerabilities. 

We're continuing to do what we've always done. We audit a company's data and write an independent report. Rippling reduces the back-and-forth so we can focus on our work.

Ready to Learn More?

As an independent CPA firm, we’re here to perform your next audit. Reach out to Johanson Group team to get started.