How Anam Unlocked Growth with SOC 2

Anam, an AI platform creating photorealistic digital personas, hit a wall when enterprise procurement teams viewed SOC 2 as a baseline requirement for doing business. As they entered RFP processes, "Do you have SOC 2?" became a recurring question that couldn't be ignored.

Rudy Wilson-Evans, GTM Ops Lead at Anam, explains that being unable to say "yes" created unnecessary friction. "We'd built a product that enterprises wanted, but the honest answer of 'not yet' was either disqualifying us or adding a perception of immaturity in a new market where we wanted to speak from a position of strength," says Wilson-Evans.

The Solution: SOC 2 Compliance

To clear the procurement hurdle and ensure they can answer "Do you have SOC 2? with a definitive "Yes," Anam partnered with Workstreet.

“This was my first time leading a SOC 2 process rather than just contributing to one, and having Workstreet alongside us made an enormous difference" says Wilson-Evans.

"Workstreet are genuine partners who understand that a fast-moving startup can't pause product development for compliance," Wilson-Evans adds. "They helped us find practical ways to maintain strong controls while still shipping quickly."

The Result: Unlocking Pipeline

Achieving SOC 2 has removed the primary friction point in enterprise sales calls. “Now instead of spending the first 20 minutes of a procurement call explaining why we don't have SOC 2 yet, we can spend that time talking about what our product actually does,” says Wilson-Evans.

The strides Anam took to achieve SOC 2 compliance will also help the business achieve further compliance milestones. “There's significant overlap with ISO 27001 and HIPAA, which several enterprise prospects have specifically asked about. Getting SOC 2 done properly means the next certification should be a lighter lift,” explains Wilson-Evans.

Advice from Aman’s SOC 2 Journey

For other startup teams looking to level up their compliance,  Wilson-Evans offers two pieces of advice. 

First, automate evidence collection. “Set up automated evidence collection from day one of your observation period, not halfway through when you realize you're scrambling to pull screenshots retrospectively,” he explains.

Secondly, audit your existing processes. During its compliance journey, Anam discovered that most of what its engineering team had built (release processes, lab environments, and access controls) already aligned with SOC 2. 

“We just needed to tweak vs overhaul, " notes Wilson-Evans. “I spent the first few weeks worried about uncovering massive gaps, when in reality the foundation was already there. Compliance was more in our DNA than I'd given us credit for.”