Customer Story

Transit Technologies

A SOC 2 compliance journey across a multi-company transportation technology portfolio, from no formal security program to portfolio-wide Type II readiness.

Client Context

Scaling trust for a high-growth transit technology portfolio.

Transit Technologies powers more than 100 million rides annually and manages a diverse portfolio of software companies. In 2022, the organization initiated a SOC 2 readiness program to strengthen its trust posture, starting with Faster Assets and Ecolane, two subsidiaries without formal security programs.

Engagement scope: SOC 2 readiness across eight transportation and logistics software companies.
Key challenges: no formal security programs at subsidiaries and the need for repeatable governance.
Successful outcomes: SOC 2 Type I with zero findings and a roadmap to Type II expansion.

Engagement Snapshot

Industry Transportation & Logistics Technology

Engagement Period 2022 - 2024

Services

Holistic Risk & Control Posture Assessment
SOC 2 readiness
IT service management process engineering
ISG Managed Programs

Frameworks & Best Practices

ISG Unified Security & Risk Framework (USR)
ITIL and COBIT best practices
NIST & ISACA Risk Management best practices

Challenges

Building a formal security program from the ground up.

No existing information security frameworks or risk management processes.
Missing IT service management processes for change, continuity, and incident management.
Aggressive timeline to reach SOC 2 Type I readiness and scale further.

Strategy & Execution

Composable governance aligned to SOC 2 readiness.

Performed a comprehensive risk assessment and established a control baseline.
Engineered ITSM processes to align operational workflows to SOC 2 controls.
Implemented a managed governance model spanning information security, risk management, vendor compliance, and cyber incident response.
Guided audit readiness through SOC 2 Type I and expansion planning.

Outcomes

Audit-ready results with portfolio-wide scale.

SOC 2 Type I with zero findings

Faster Assets and Ecolane achieved SOC 2 Type I across Security, Confidentiality, and Availability without audit findings in 2023.

Expansion to Type II across six companies

By the end of 2024, Transit achieved SOC 2 Type II compliance across six portfolio companies, including four that bypassed Type I.

Institutionalized security operations

Formalized IT and security processes with continuous risk management and vendor oversight embedded into operations.

Explore more customer stories.

See how 3HUE delivers outcomes across regulated industries.

Back to Customer Stories Request a Consult