Comparative views between Rzilient and LightOn on SOC2 certification

In 2025, Rzilient and LightOn both obtained SOC 2 Type I certification. But in a digital landscape where cyberattacks are a daily occurrence and compliance policies are ever more demanding, why has SOC2 (Service Organization Control 2) certification become the essential key for SaaS and Deeptech companies?
Quentin de Lambert (co-founder of Rzilient) and Fabien Moreau (developer & IT manager at LightOn) share their feedback on this strategic challenge.
Why has SOC2 become essential?
For Quentin (Rzilient), the current context no longer leaves a choice: “Not a day goes by without attacks. As an outsourcer, we manage complex data for our customers; being irreproachable is an obligation towards the market and our competitors.”
At LightOn, the challenge is directly linked to business.
“We allow businesses to deploy AI on their own private data. SOC2 shows that we take document security very seriously. This allows us to open discussions with prospects that would have been impossible before,” explains Fabien.
Reconciling compliance and agility: the operational challenge
One of the major pitfalls of SOC 2 certification is its rigidity. By imposing very strict protocols, these standards can sometimes weigh down internal processes and reduce operational efficiency.
This is where the support provided by Rzilient comes into its own:
“Rzilient's role is to provide the right advice so as not to sacrifice this efficiency. Some aspects of the standard, which are very rigid on paper, can be relaxed by implementing other compensatory controls. The idea is to be compliant without paralyzing the organization.” — Quentin de Lambert.
What was Rzilient's role in LightOn's certification process?
For LightOn, Rzilient was not only a hardware supplier but a real technical lever for validating audit criteria.
Simplified deployment
The deployment of MDM (Mobile Device Management) across the entire fleet was fully managed by the Rzilient teams, avoiding tedious manual installation.
Inventory and Proofs
Rzilient made it possible to instantly provide the complete inventory of the fleet (serial numbers, status, users), a key piece of evidence for auditors.
Critical updates
Through the platform, LightOn was able to ensure that each employee had the latest version of the OS and to push remote updates if necessary.
Strict security policy
A robust password policy is deployed as soon as a new computer is handed over, blocking overly simple combinations by default (no more of the famous “12345”).
Audit connectivity
The MDM provided via Rzilient could be connected directly to the certification service to prove in real time that 100% of the fleet was compliant.
In the end, this saved LightOn several months. On Rzilient's side, certification was also obtained faster: as an outsourcer, security is in the company's DNA. Many of the best practices required by SOC 2 were already implicit and applied at Rzilient since its creation.
The Challenges: Costs, Time, and Culture
Obtaining certification is no easy task. The two experts agree on the main obstacles:
- The investment: Whether in terms of human time or budget (support from service providers such as Bastion, in Rzilient's case).
- Process rigidity: Setting up password policies or access rights can slow the organization down at first.
- The administrative burden: “It's a lot of documentary work on access rights and internal security policies”, says Fabien.
The path to certification (6 months of work)
The path taken by Rzilient and LightOn involves four key steps:
- Self-assessment & Diagnosis: Understand your current level of cyber maturity.
- IT compliance: Deployment of tools (MDM, Antivirus, secure WiFi network, monitoring of abnormal activities).
- Documentation & Preparation: Creation of evidence for the auditor.
- Validation: Final audit and issuance of the certification.
Expert advice for success

Quentin's advice:
Know what your level of understanding of cyber issues is before going for it. Above all, involve all employees through transparent communication.
Fabien's advice:
Start early! And try to use services that centralize your security policies so you don't get scattered.
What comes next?
For Rzilient, SOC2 is only the first step towards ISO 27001. For LightOn, the objective is to move from SOC2 Type 1 (a snapshot at a given moment) to Type 2, which proves the effectiveness of the processes over a given period (verifying that access is properly closed when someone leaves, for example).
