Overview

When Group 1001 set out to build a proprietary annuity processing platform from the ground up, they weren’t just investing in new technology, they were redefining how their business operated. Their platform, built on a modern technology stack and powered in part by artificial intelligence, represented a significant leap forward in processing speed, accuracy, and scalability. But with that innovation came a new set of compliance demands.

To bring new clients onto the platform, Group 1001 needed to demonstrate the integrity and security of their controls through a SOC 2 examination. The challenge: there was no playbook for auditing a platform like this. They needed a partner who could meet them at the frontier of what they were building, one who understood both the technical complexity of their environment and the rigor of the compliance landscape.

That partner was Johnson Lambert.

Johnson Lambert’s relationship with Group 1001 began well before SOC 2 was on the horizon. The firm had been engaged to help assess whether the platform was ready for its initial go-live—a high-stakes “Day Zero” evaluation that required a combined team of IT and financial professionals to walk through all processes, identify gaps, and give management the information it needed to make a go/no-go decision. That foundational engagement established a level of trust and institutional knowledge that would prove essential as the platform matured and compliance requirements evolved.


Challenges

  • 01

    Defining Controls for a Modern Technology Stack

    Group 1001’s platform was purpose-built and highly sophisticated, incorporating artificial intelligence to process and move client transactions at a scale that would have been impossible with manual workflows. Defining controls and testing methodologies appropriate for this level of technological advancement required expertise that went well beyond standard frameworks.

  • 02

    No Pre-Existing Internal Control Inventory

    Because the platform was built from scratch, there was no legacy control environment to build upon. Johnson Lambert provided recommendations for internal controls to support each SOC 2 Trust Service criteria, outlined expected evidence requirements, and assessed the current maturity of each control—all while the platform itself continued to evolve.

  • 03

    Preparing People, Not Just Processes

    Achieving a clean SOC 2 examination isn't just about having the right controls on paper. It requires every member of the team to understand what consistent execution looks like, what auditors will be looking for, and how to respond to evidence requests. The client needed their personnel fully prepared for the rigor of the examination, not just their documentation.

  • 04

    Balancing Innovation with Compliance Readiness

    The client's team was simultaneously building, scaling, and operating a cutting-edge platform while trying to meet the demands of a formal SOC 2 examination. Johnson Lambert needed to deliver meaningful compliance support without disrupting the innovation momentum that makes the client's platform exceptional.


The Solution

Services

  • SOC 2 Readiness Consulting
  • Risk and Control Assessment
  • Mock Audit Testing
  • Incident Response / Tabletop Testing
  • Audit Provider RFP Support
  • Internal Audit Co-Sourcing

The Process

Johnson Lambert adopted a phased, partnership-driven approach to help the client move from compliance readiness to a clean SOC 2 examination:

  • 01

    Platform and Controls Assessment

    Building on its existing knowledge of the client's platform from the Day Zero engagement, Johnson Lambert conducted a thorough assessment of the controls environment. This included reviewing and updating process documentation and risk and control matrices, and identifying the evidence required to demonstrate the implementation and operation of each control. Where controls were immature or missing, Johnson Lambert provided practical, actionable recommendations on how to close the gaps.

  • 02

    SOC 2 Readiness Program

    Johnson Lambert worked side-by-side with the client to define the full scope of their SOC 2 program, identifying which Trust Services Criteria applied, mapping existing processes to required controls, and evaluating the current state of maturity against what a SOC 2 examination would require. This included navigating the nuances of auditing AI-enabled processes and change management practices within a modern cloud environment. When difficult messages needed to be delivered about control gaps or evidence deficiencies, Johnson Lambert did so directly and constructively — with the client's long-term success in mind.

  • 03

    Mock Audit Testing

    Before the formal SOC 2 examination began, Johnson Lambert conducted mock audit testing to simulate the experience of a live audit. This served a dual purpose: it validated the completeness and quality of the control evidence, and it trained the client's team on what to expect. Personnel learned how testing works, what auditors look for, how to present evidence effectively, and the importance of demonstrating consistent execution across the entire reporting period.

  • 04

    Incident Response and Tabletop Testing

    In conjunction with the SOC 2 program, Johnson Lambert facilitated tabletop testing exercises to assess the client's incident response capabilities. These sessions—valued so highly by the client's leadership team that they requested them on an annual basis—provided evidence of incident response testing while building organizational confidence in the client's ability to respond to real-world scenarios.

  • 05

    Audit Provider RFP and Examination Support

    Johnson Lambert helped the client develop a request for proposal to select an independent audit provider to perform the SOC 2 examination, ensuring the client entered the process with a full understanding of what to expect.

Working with Johnson Lambert was excellent from start to finish. They helped us work through every detail of what our controls needed to be, walking us through scenario after scenario as our platform evolved from where it was to where it needed to go. When we encountered controls that were more challenging, they didn't just identify the gap; they helped us think creatively about how to manage through them. They tested our processes with real rigor, and the result speaks for itself. Johnson Lambert was a true partner in every sense of the word.

Lindsay Fulmer

Chief Strategy Officer


The Results

Through a true end-to-end partnership—from platform assessment to examination support—Johnson Lambert helped this insurance technology innovator achieve what few organizations accomplish on their first SOC 2 examination:

  • A SOC 2 Report with Zero Exceptions

    After working through every stage of the readiness process, the client received a SOC 2 report with no exceptions noted — a result that reflects not only the strength of their controls, but the thoroughness of the preparation that preceded the examination.

  • A Compliance-Ready Team

    The client’s personnel entered the examination fully prepared. They understood the purpose of each control, could speak to consistent execution throughout the reporting period, and were equipped to respond to auditor questions with confidence. Compliance became an organizational capability, not just a project outcome.

  • A Platform Positioned for Growth

    With a clean SOC 2 report in hand, the client is now positioned to expand the platform’s reach — demonstrating to prospective clients and partners that their operations meet the highest standards of security and availability. The SOC 2 certification is a direct enabler of future business growth.

  • A Relationship Built for the Long Term

    The SOC 2 engagement was one chapter in a broader, ongoing partnership. Based on the quality and depth of Johnson Lambert’s work, the client selected the firm over competing national providers for its next major initiative: an enterprise-wide Business Impact Analysis and Business Continuity Planning project spanning 20 critical processes. The relationship continues to grow.


About Our Team

Johnson Lambert Business Advisory Services Partner Kim Mobley, CPA, CISA, CISSP

Kim Mobley

Partner

View Bio
Johnson Lambert Audit Partner Josh Keene, CPA

Josh Keene

Partner

View Bio

David Fuge

Chief Innovation Officer

View Bio

Carly Kanwisher

Senior Manager

View Bio