How Bento Saved Hundreds of Hours and Delivered ROI By Eliminating Manual Compliance with Secureframe

Bento connects members with nutritious, dietitian-curated groceries delivered from nearby grocery stores, all through the simplicity of SMS.

“Secureframe has been liberating, freeing up both my time and cognitive overhead to be able to focus on other things. It's allowed us to build a more scalable product, improve processes, and really streamline and scale our business.”

Deepak Kumar, CTO, Bento

Highlights

Challenges

  • Needed to manage HIPAA compliance as a healthcare-focused company.
  • CTO had spent hundreds of hours of executive time achieving and maintaining HIPAA compliance at a previous company.
  • Continuously monitoring compliance aspects (training, background checks, infrastructure security, etc.) became too labor-intensive.
  • Wanted to avoid dedicating engineering and people resources to compliance management.
  • Request from a large supermarket chain partner for SOC 2 compliance.

Solutions

Secureframe provided Bento with:

  • A platform that eliminates manual compliance tasks (e.g., training, authoring and maintaining policies, monitoring infrastructure, and preparing reports).
  • Faster time-to-compliance with automated control mapping, meaning Bento didn’t need to start from scratch with new frameworks.
  • Ability to achieve SOC 2, HIPAA, and CCPA compliance in one centralized, easy-to-use platform.
  • Assurance that Bento remained audit-ready without constant manual oversight.
  • A high-touch, personalized onboarding with support from a dedicated account manager.

Results

  • Estimated 200 hours saved annually on compliance-related tasks.
  • Freed up time and cognitive load for Bento’s CTO, allowing him to focus on business areas that drive growth.
  • Streamlined readiness reports and dashboards that quickly provide assurance of security and compliance measures to customers and internal stakeholders.
  • Closed deals faster due to streamlined communications, ensuring Bento is ready for whatever the client requests.
  • Sped up time-to-compliance for HIPAA, SOC 2, and CCPA, helping to position Bento for future growth.

Challenges

Bento’s experience with compliance management was time-consuming, costly, and an administrative burden.

Bento is a medically tailored nutrition service that contracts with state Medicaid agencies to connect low-income community members with nutritious food that not only reduces their food insecurity but also improves their chronic health conditions.

The company’s CTO, Deepak Kumar, had extensive experience building and maintaining compliance manually at his previous HIPAA-regulated company—long before compliance automation existed. This forced him to spend 20-40% of his time managing compliance on spreadsheets and other tools instead of focusing on more important areas of his business.

“I had to build everything you guys do from scratch, on my own—from authoring policies to getting them run through legal, finding vendors for background checks and training, to continuously monitoring our infrastructure. Building everything from scratch and keeping us compliant took a significant chunk of my time as CTO and founder of that previous company.”

He understood that the manual process of becoming and staying HIPAA compliant was time-consuming and costly and didn’t want to go through it again at Bento.

“There's no need to do it on your own anymore. And there's no value in doing it on your own because it’s a lot of requirements and manual processes—gathering paperwork, policy management, tracking people to fill out background checks. It's not worth doing at all.”

Driven by a desire to avoid spending limited resources on compliance management, Deepak looked for an automated solution that would provide visibility into the compliance process. He explored Secureframe after being influenced by word-of-mouth recommendations from his Techstars alum.

“I wanted visibility into where we are with the compliance process across the board. That snapshot of who's done training, who's got background checks, which services and servers have exposed ports—all that from a single place is hugely powerful. Having built this stuff before, I know how painful it is when you don't have that.”

The sales process heavily influenced his decision to choose Secureframe over a competitor. 

“My salesperson at Secureframe was amazing. That made the difference. Personality drove the sale.”

Solutions

Secureframe’s automated compliance platform removes administrative burdens, saves time and resources, and speeds up time-to-compliance.

Deepak was impressed with the high-touch onboarding experience and streamlined approach to compliance. 

“It was very collaborative. I felt like my account manager had my back, understood my timeline, and didn't pressure me to do things differently. She was supportive. Within a few months, we were HIPAA compliant and audit ready.”

Secureframe’s policy management allowed Bento to inherit well-vetted policies, eliminating the need to manually draft, revise, and maintain policies and run them through legal, which significantly reduced administrative burden and costs.

“The fact that we inherit these policies from you that are well-vetted and make sense is huge. It's one less big thing to manage and keep updated.”

Secureframe also provided Deepak with a centralized platform with complete visibility into the compliance process, allowing him to monitor training, background checks, and infrastructure security from a single dashboard—ensuring that Bento remained audit-ready without manual oversight.

“Having one place to view how we are, how we progressed, or where we are when it comes to compliance in a single spot is probably the best thing. There's no more making copies from Google Docs and Google Drive. The continuous monitoring is amazing.”

Secureframe's automated mapping feature facilitated the addition of new compliance frameworks, including SOC 2, helping Bento to make progress without starting from scratch. 

“There’s a lot of overlap between SOC 2 and HIPAA, so we were already about 60% of the way there as soon as we added SOC 2 [to our Secureframe instance].” 

Deepak expects to be audit-ready in a couple of months thanks to Secureframe’s automated mapping and monitoring dashboard, which shows exactly where they are in the compliance readiness process, and he is looking forward to the audit.

“Having auditors familiar with the Secureframe product so the audit becomes easier and more streamlined is also great. I'm looking forward to taking advantage of that.”

While they did have a partner request to get SOC 2 compliant, the real impetus for completing the audit was to improve general cyber hygiene to help Bento grow faster. 

“A partner, one of the largest grocery retailers in the US, needed to be SOC 2 compliant and asked whether we were. The deal doesn’t require SOC 2, but we thought it’d be important for good hygiene.”

To further improve its security posture and anticipate customer expectations, Bento continued their multi-framework approach by adding CCPA.

“We added CCPA because most of our customers are in California. We’re too small for CCPA to apply to us at the moment, but adding it and making sure we work toward those controls is easy to do in Secureframe.”

Results

Hundreds of hours saved annually, easier to close deals, and reduced cognitive load on the CTO.

Working with Secureframe saved Bento hundreds of hours and dollars annually on compliance-related tasks compared to the time and cost it would have taken a salaried and dedicated security or compliance professional.

"The return on investment is painfully obvious. If I were to imagine building a compliance program from scratch again, it would take 200 hours a year. That's 200 hours at whatever the head of compliance or security salary would be. It's a no-brainer that we use something like Secureframe, which probably reduces that time by a tenth."

The time savings offered by Secureframe have enabled Deepak to focus on other areas of the business. This is huge since, as CTO, he’s responsible for product, engineering, IT, and compliance. 

“Secureframe has been liberating, freeing up my time and cognitive overhead to focus on other things. It's allowed us to build a more scalable product, improve processes, and really streamline and scale our business. If it’s not obvious, I’m in love with Secureframe.”

The platform’s suite of tools, including its reports and dashboards, has made it easy for Bento to demonstrate their security and compliance posture to customers and prospects, helping to build trust and avoid delays in the sales process. 

“Sometimes, later in the deal discovery process, a prospect will say we forgot to mention we need you to be HIPAA compliant. With Secureframe, we can easily export a report showcasing our HIPAA compliance. We’re an open book. That’s helping us get to the next growth phase and close deals quickly.” 

Secureframe has also streamlined the process of sharing compliance information with internal stakeholders, including board members. 

“Whether it’s being able to export our readiness report from Secureframe and hand that off to a potential customer or screenshot my Secureframe dashboard and send it to a board member, that information is always there. It's ready to go. It's up to date. We use that a ton.”

Proactively working toward compliance with other frameworks, such as SOC 2 and CCPA, has helped further position Bento for future growth without adding manual overhead.

“Go with a service that does it all for you and where ROI is obvious. Secureframe has saved me hundreds of hours a year, so it’s a no-brainer. If you need to get compliant, partnering with Secureframe makes all the sense in the world.”
