How Knockri Spent an Hour a Week Achieving and Maintaining Compliance

  • Industry: HR Tech
  • Services and Frameworks: vCISO, SOC 2 Type 2, ISO 27001, Penetration Testing

Location: Toronto, Canada
Date Founded: 2016
Number of Employees: 11-50

The Company: Knockri Is Leading DEI-Focused Enterprises in Talent Acquisition and Retention

Knockri is a leading provider of AI-powered behavioral assessments for talent acquisition. Their assessments enable organizations to screen and shortlist candidates during the hiring process, and aid in talent development and management. While these assessments can help fill a variety of roles across countless industries, their primary focus lies in larger organizations with a few thousand employees, as these organizations find their tools particularly valuable.

Knockri’s value proposition revolves around three key pillars:

  1. Adding a significant level of efficiency to the hiring process: by leveraging AI technology to streamline candidate evaluation and selection. This saves valuable time and resources for HR teams.
  2. Promoting fair evaluations: Knockri’s assessments help to level the playing field for candidates during the early stages of the hiring process. The science-backed AI reduces bias and increases the chances of identifying the best-fit candidates based on their capabilities and business needs.
  3. Enhancing the candidate experience: Knockri recognizes the importance of providing a positive impression to potential hires. Companies can make the candidate experience a priority with a seamless UI, personalized touchpoints for every applicant, 24/7 support through Knockri, and more.

The Challenge: Serving Next-Gen Software in a “Traditional” and Regulated Market

Being an AI company operating in the HR industry, Knockri faces unique challenges due to the intersection of advancing technology and a regulated market. The HR industry has been historically more cautious in adopting new technology. Knockri must navigate regulations to ensure appropriate candidate selection, considering the societal impact of inappropriate decisions, and ensure their underlying science is sound, and their assessments predict what they say it will predict.

Knockri must also prioritize security and demonstrate their ability to handle candidate data, PII data, and confidential information in compliance with enterprise customers’ strict cultural and security standards. These challenges, along with the time-consuming nature of addressing individual client security requests without a structured process, have impacted the company’s growth, particularly when operating with a smaller team that handles multiple responsibilities.

The Solution: Fast-paced InfoSec Development, Tailored to Knockri’s Unique Needs

The Knockri team had worked with other security partners that treated their infosec program with one-size-fits-all solutions. Although it’s great to “check boxes” the solutions were too onerous —implementing standards that weren’t necessary to their business—adding more friction to establishing a solid security posture.

What stood out to me was that Rhymetec had a really good grasp of what was required. We were seeking vendors because we wanted to improve our security posture, and because it was important for our customers. We needed to balance both, and startups are on a quick timeline. I saw that Rhymetec was able to identify issues, and had a plan in place, to very quickly get us up and running rather than spend a lot of time setting up our security program. It just seemed like they knew what had to get done.” Said Knockri’s CTO, Faisal Ahmed.

Knockri knew what policies and standards they needed to maintain in order to continue their growth to enterprise clients. They were seeking guidance on approaching those needs in an effective manner, and seeking someone to be hands-on within that process. Rhymetec’s vCISO (Virtual Chief Information Security Officer, or virtual CISO) and Penetration Testing program allowed them to have that tailored support, and gain more valuable insights into their security posture.

The Results: An Hour a Week For Knockri to Build a More Effective Security Program

Engaging with Rhymetec has yielded significant results for Knockri, primarily in terms of efficiency, cost savings, and allowing them to focus on their core competencies.

By outsourcing their security needs to Rhymetec, the team has avoided the need to assemble an in-house security team, resulting in substantial cost savings. They no longer have to worry about acquiring and maintaining in-house security and compliance knowledge in the rapidly evolving world of technology, instead they can rely on Rhymetec’s expertise and resources.

Knockri acknowledged that attempting to handle security operations internally would be time-consuming and could negatively impact their ability to serve customers effectively. vCISO and Penetration testing services allowed them to focus on what they’re good at, and continuously improve their software and bring impactful solutions to job candidates and HR professionals worldwide.

With Rhymetec’s support, the company experienced streamlined processes during SOC 2 and ISO Compliance Readiness phases. The team spent only 30-60 minutes per week to achieve compliance, reviewing high-level goals and necessary action items with their designated security expert. If done internally, this would have taken them several hours a week, at a minimum.


“I see Rhymetec putting effort into making sure people are knowledgeable about the security world, but at the same time, are understanding of our requirements.”

– Faisal Ahmed, CTO, Knockri