A Compliance Trio That Freed Cognota to Scale Learning Operations as a New Market

Services and Frameworks

SOC 2 Type 2

vCISO Services

The Company: Pioneering a New Approach for Learning Operations with The LearnOps® Platform 

Cognota is a Toronto-based SaaS company building the world’s first LearnOps® platform to help learning and development (L&D) teams unlock their full potential. Their software provides teams with the operational backbone needed to manage projects, support business priorities, and standardize training intake. 

In a market filled with learning content providers and learning management software (LMS) platforms, Cognota is pioneering a new approach with LearnOps®, the first learning operations platform. It consolidates the work of talent and learning development teams into a single platform. Instead of tasks living across a patchwork of different tools, everything is centralized in one place.  

This centralization – paired with the metrics the platform provides – directly solves many problems teams traditionally face and allows leaders to make data-informed decisions: 

“That’s what our software is built to do – solve problems for learning teams. We’ve created this LearnOps space ourselves.”

– Andrew O’Hoski, Director of IT Operations 

With ~35 employees, Cognota is lean compared to larger players. But their vision required the same level of trust and security as large vendors. As they expanded their market presence, meeting compliance expectations became a necessity.

The Challenge: Meeting Client Expectations Without In-House Security and Compliance Support

Cognota’s growth accelerated as more companies recognized the value of their platform. With growth came the expectation to meet industry-standard frameworks like SOC 2. 

Buyers needed assurance of Cognota’s security posture before investing in the software and handing over their data. While the company had some level of security and compliance support, they quickly realized that the process was too cumbersome to manage without additional support. 

The responsibilities to attain SOC 2 Type 2 attestation span a range of subfields. Expertise in security, risk management, vendor oversight, compliance reporting, and audit preparation and coordination is a necessity. For smaller organizations like Cognota, both the depth and variety of experience needed to support the process can stretch internal bandwidth. 

Every SOC 2 requirement had to be tracked and documented. They needed a way to move fast and fill in the pieces for 1) evidence collection and tracking, 2) manual implementation of security controls and closure of gaps as needed, and 3) navigating the auditor ecosystem and engaging a trusted partner for their audit. 

This led them to seek out external expertise from three vendors who worked seamlessly together to ease the stress and get them across the finish line for their audit. 

The Solution For Cognota: A Partnership Approach to Security and Compliance with Industry Leaders Rhymetec, Drata, and A-LIGN

Cognota partnered with industry leaders Rhymetec, Drata, and A-LIGN for external support. Each partner played a distinct role in helping the company meet its security and compliance goals.

Rhymetec stepped in with vCISO services, providing both strategy and tactical support. Acting as an extension of Cognota’s team, Rhymetec guided the company through every phase of its SOC 2 journey. A gap assessment was followed by evidence collection, implementation of security controls by the vCISO working closely with Cognota’s team, full audit readiness, and finally long-term compliance planning. The continued support from their Rhymetec vCISO goes beyond a one-time, ‘check-the-box for your audit’ approach:

“It’s helping us maintain our compliance and update evidence in a timely manner, so we’re not panicking about it in six months. It’s helping with a lot of internal processes and maintaining compliance without making it daunting.”

– Andrew O’Hoski, Director of IT Operations 

Drata provided a trust management platform that replaced spreadsheets and manual checklists. It became the central hub where Cognota could present evidence in a way that auditors would expect and appreciate:

“It’s made my life easier just having those automations in place. Everything’s checked off, everyone’s compliant, and I don’t have to manually look up new controls.” 

– Andrew O’Hoski, Director of IT Operations 

All of their evidence and progress were clearly tracked in one central place with Drata, which streamlined the entire process. Meanwhile, their Rhymetec vCISO stepped in at every phase of the journey to help them get set up in Drata and continue to collect evidence and implement controls as needed. 

Before engaging Drata and Rhymetec, Cognota’s compliance process was largely manual, involving an assortment of complicated spreadsheets and saving evidence in Google Drive. The need for a more organized system was apparent. Drata clarified where evidence was located and which controls it was tied to. 

A-LIGN, as the independent auditor, brought credibility and thoroughness to the final SOC 2 report. The audit process was efficient due to the compiled evidence provided through Drata’s platform, the audit preparation conducted by Rhymetec, and A-LIGN’s high level of service. In addition to their expertise, A-LIGN’s reputation in the industry as a trusted audit partner gave Cognota further confidence that their results would fully satisfy clients and stakeholders alike. 

The combination of direct vCISO support and deliverables, an auditor-preferred governance, risk, and compliance platform, and a trusted audit firm gave Cognota a clear path forward.

“I would definitely recommend Drata, Rhymetec, and A-LIGN – especially if it’s your first time going through an audit like this. Their expertise and efficiency helped us a ton.” 

– Andrew O’Hoski, Director of IT Operations  

The Results: Confidence, Peace of Mind, and Stronger Client Relationships For Cognota

Cognota’s partnership with Rhymetec, Drata, and A-LIGN enabled them to get across the finish line for their SOC 2 Type 2 audit, cutting through bottlenecks in their sales process and allowing them to assure clients and prospects of the soundness of their security program. 

With A-LIGN, they accessed an incredibly smooth audit experience, completing their audit on time and with no remediation required. As an industry leader in security compliance audits with over 20 years of experience, A-LIGN had the expertise and credibility that Cognota needed when presenting results to prospects and clients. 

They conducted the audit efficiently and provided a strong stamp of trust that resonates with Cognota’s customer base. Thanks to the pre-audit prep carried out by Rhymetec and Drata, Cognota was fully ready for its audit and faced zero remediation: 

“We didn’t have to do a single remediation. It was on time, everything was thorough, and we were happy.” 

– Andrew O’Hoski, Director of IT Operations 

With their SOC 2 report in hand, Cognota’s sales team could respond to security questionnaires and client concerns with confidence. Instead of scrambling to produce documentation, they could simply direct prospects to their trust center with Drata:

“We’re not stressed about our next reports anymore. We just send prospects to the trust center, and it makes our lives a lot easier.” 

– Andrew O’Hoski, Director of IT Operations 

The new system greatly reduced workload and stress across the company. Compliance became an ongoing process integrated into daily operations. Their Rhymetec vCISO is consistently responsive and provides the expertise and guidance needed to achieve and maintain compliance: 

“We appreciate having a shared Slack channel and how quickly everyone responds. We love working with you—your communication, expertise, and guidance throughout the process have been great.”

– Andrew O’Hoski, Director of IT Operations

Engaging Rhymetec, Drata, and A-LIGN transformed compliance from a manual, high-stakes process that risked delaying growth into a business enabler supporting sales and long-term credibility in the LearnOps market. The collaboration gave them peace of mind internally and the ability to foster stronger trust with clients and prospects. As they continue to pioneer the learning technology space, Cognota now has a security and compliance foundation built to grow with them. 

Location

Toronto, Canada

Date Founded

2015

Employees

~35
