Tugboat Logic Reviews: Debunking the Myths

We all know that rumors are wrong, especially in business. Building trust through honesty and best practices should be baked into the DNA of any business.

There is still unfortunately a lot of misinformation out there about security assurance. It’s hard to know what’s real or who is being honest. Especially as information security is not the easiest or most exciting topic to tackle.

Choosing a software provider can feel pretty stressful. So, we wanted to make this process a bit easier for you by clarifying any misinformation you’ve heard about our solution and compliance automation tools in general.

We sat down with some of our C-suite and employees to listen to what they had to say about the fallacies we regularly encounter.

Tugboat Logic Reviews: Everything You’ve Heard About Tugboat Logic That Isn’t True

Tugboat Logic Is a Legacy Platform With Loads of Manual Uploads Because They Don’t Have Integrations.

“If this is true, then the sky is also green and the grass is blue.” – Ray Kruck, Founder and CEO

As the original security assurance platform, we have created a legacy. However, as the most advanced platform on the market, this is a stretch.

This statement also fails to recognize that there is much more to automation and reducing the workload around security assurance than integrations.

Our platform’s goal has been to help companies demystify and reduce the workload around security audit readiness since its inception. Automation has always been an integral part of that.

Integrations- Tugboat LogicTugboat Logic was the first security assurance platform to have any integrations. Four years later, we boast over 50 integrations that cover over 100 unique evidence collection tasks in your compliance project.  

Any integrations set up within the platform easily and automatically pulls evidence from your tech stack right to the corresponding control. On a determined ongoing basis that you decide. And our integrations support continuous compliance and collect required evidence for your next audit, right after your first audit is over.

There are further automated internal risk assessments, vendor risk assessments, security questionnaire responses and control templates within the Tugboat Logic Platform, too.

Our platform is so fast, comprehensive and easy-to-use that we’ve displaced competitors 2:1. Meaning customers are won from competitors twice as much as they are lost. And we have over 1500 satisfied customers to prove it.

Watch Tugboat Logic Reviews on legacy, manual uploads and integrations:

Tugboat Logic’s Platform Is Based on Screenshots, Spreadsheets and Google Docs for Evidence.

Michelle Russell - Tugboat Logic Sales Manager“The reason why Tugboat Logic was invented in the first place was that our founding staff members were sick and tired of only using screenshots, spreadsheets, and Google docs to prepare for security audits,” said Michelle Russell, Tugboat Logic’s National Sales Manager.

Tugboat Logic’s Founder started the company because he knew there was a better way to prepare for security audits than collecting spreadsheets and screenshots. The Tugboat Logic dashboard is designed to be a single source of truth.

It includes everything from the status of your integrations, policies, security questionnaires, remaining evidence tasks, Security Posture Alerts - New Dashboard - Character (1)and the overall progress of assigned tasks.

So what about the screenshots, Google Docs or spreadsheets?

We only use them in these instances:

  1.  The customer chooses to use them.
  2.  An auditor requests something specific.
  3.  A framework requires it.

Any vendor in the security assurance space asserting their platform does not utilize any screenshots, Google Docs, or spreadsheets is telling you a tall tale.

Watch Tugboat Logic Reviews on screenshots, spreadsheets and Google docs.

With Tugboat Logic, You Cannot Assign Different Controls to Different Owners.

One of Tugboat Logic’s most basic functions has been assigning different controls to different owners. As a result, our platform is highly flexible regarding who you can assign controls or evidence tasks to.

As Tugboat Logic’s Chief Product Officer, Patrick Murray, stated, “we have invested more than any other player in project management. We can integrate with a customer’s Asana or Jira if they use it. But we don’t defer to those applications for project management within the platform. The project management capabilities are inherent.”

Don’t Know Which SOC 2 Compliance Software Is Right for You?

Learn which mistakes to avoid and hear from real software users in our SOC 2 Compliance Software Buyer’s Guide.

Download Here

Tugboat Logic Comes With Nothing and Requires You to Design About 80 Controls From Scratch for SOC 2 or ISO 27001 Audits.

“What is funny about this one is the mention of ISO 27001. ISO 27001 has a defined set of controls that come in the framework as default. This just really shows how much whoever said this has no idea what they are talking about.”

– Jose Costa, Tugboat Logic’s Chief Information Security Officer.

To start their security assurance project in the Tugboat Logic platform customers complete a simple questionnaire to define the scope of their project. Then, we provide a list of pre-built and auto-populated policies, corresponding controls and evidence tasks.

There is predefined guidance for almost 20 global and different industry frameworks.

The in-house Tugboat Logic Labs team (who have over 100 combined years of security audit experience across all major industries) create and manage all content in the Tugboat Logic platformRay Kruck, Tugboat Logic CEO

As Ray Kruck, Tugboat Logic’s CEO and Founder, said “our mantra has always been getting the audit done rapidly and ensuring our customers pass their audit. An over-simplified checklist is often not enough to get the job done. That’s why we don’t use one. In our eyes, we haven’t done our job until our customer has passed their audit and reached their goal.”

Watch Tugboat Logic Reviews on control design:

Tugboat Logic Was Acquired by OneTrust, and That’s a Huge Red Flag, but It Makes Sense as They Rank Pretty Low Among Top Competitors in the Security, Privacy, and Governance Space.

You don’t have to know anything about us to know that successful companies do not choose to acquire the worst or “low-ranking” players within a market. OneTrust is the most widely used vendor for security, privacy and governance. They were number one on The Inc. 500 list with 48,000% three-year growth.

“OneTrust also reviewed every competitor in this space and chose Tugboat Logic because it is the most advanced platform in the market.”

– Michelle Russell, Tugboat Logic’s National Sales Manager

The acquisition has allowed Tugboat Logic to significantly decrease its costs. This ensures companies of all sizes and budgets can use its first-in-class offering. In addition, Tugboat Logic joining the OneTrust family enables customers to easily grow their security programs into global InfoSec frameworks. And to services like privacy management, environmental program management, and data governance.

“OneTrust acquiring Tugboat Logic is a synergy between privacy and security services that makes our processes faster and makes growth easier for our customers. We are now able to get you past the finish line even faster and with more opportunities. It’s honestly a win-win for our customers.”- Chika Nwajagu Tugboat Logic’s Information Security Senior Manager.


Watch Tugboat Logic Reviews on the OneTrust acquisition:

Tugboat Logic’s Customer Service and Development Were Slow Before OneTrust Acquired Them, and It’ll Only Get Worse. They Won’t Support Their Existing Customers or Maintain Their Roadmap Now That They Fall Under OneTrust

Before and after the acquisition, Tugboat Logic releases new features on a three-week sprint cycle. Keeping Tugboat Logic’s product fresh and responsive to the market will always be a top priority.

The commitment to research development is one of the most cited reasons why staff members join the Tugboat Logic team. As Sydney Archer, Tugboat Logic’s VP of Customer Service and Chief Diversity and Inclusion Officer, said “they (new employees) love how responsive Tugboat Logic is to both our customers and the marketplace.”

The customer service team has a 24 hour response time. Clients have a dedicated account manager to ensure they pass their audit. We even have a community platform called The Helm. Customers can connect with other users, access exclusive educational resources, and ask questions.

Tugboat Logic Community Space, The Helm

For more about our customer service, read Tugboat Logic’s G2 reviews or customer stories to see for yourself. We have fantastic customer service and the customer service team plays a significant role in why we have such a significant market share and so many returning customers.

“We take a lot of pride in how we do business. There are players in this space that say you can do SOC 2 in a few weeks. Or, they will drop you off at the curb as soon as you have been on-boarded. We’re really good at being there for you every step of the way, defining expectations and making sure you actually cross the finish line.” – Patrick Murray, Tugboat Logic’s Chief Product Officer

Watch Tugboat Logic Reviews on OneTrust’s impact on our customer service:

If You’re Hesitant About Implementing a Light-Weight Agent, Then You Definitely Wouldn’t Want to Be Forced to Install an MDM on Machines Like You Have to With Tugboat Logic.

“That is like saying, ‘hey, don’t drive the latest and most cutting edge car, you should drive this unpredictable old rundown car.”- Michael Chessa, Tugboat Logic’s VP of Sales

Let’s be clear about what an MDM (mobile device management) and “light-weight” agent are and why they’re different.

One of the actions required to pass a security audit and satisfy requirements is to centrally manage, support and improve the security of the devices on your organization’s network.

Some software providers use an agent tool created in-house to ensure customers meet this requirement. Others use MDM integrations provided by specialized mobile device security vendors such as Jamf, JumpCloud, or MS Intune.

MDM solutions are more mature and secure, and as Patrick Murray, Tugboat Logic’s Chief Product Officer, points out, “this statement is the perfect example of why whoever said this doesn’t actually understand information security or privacy. I’ve been in security for 20 years. No security expert would ever deploy an agent that is just hoovering up information without consent (like agents tools do). It’s not just about ease of use, but also security and privacy.”

Tugboat Logic does recommend customers use an MDM. However, it is not mandatory for Tugboat Logic customers to use an MDM. Customers can fill this requirement in anyway they deem is best for them.

Ray Kruck, Tugboat Logic’s CEO and Founder added, “when you introduce a third-party solution like an agent tool that is not secure into your cloud environment, that is a massive security risk. Most customers reject this approach and would prefer to work with the technologies they already have in place.”

Watch Tugboat Logic Reviews on MDMs vs. agent tools:

You Can Only Comply With One Framework at a Time With Tugboat Logic

“Multi-framework capabilities are the foundation of our product. It has always been a priority. My team is personally dedicated to making sure framework mapping is clear to make customer’s lives easier.”- Jose Costa, Tugboat Logic’s Chief Information Security Tugboat Logic LibraryOfficer.

A core function of Tugboat Logic’s platform is multi-framework capabilities. You can manage all aspects of compliance with more than one framework simultaneously. This includes setting up controls and evidence collection easily within the platform.

Further, you can create policy and implement controls that are organization-wide, region-specific and business unit specific for each framework.

As Michelle Russell Tugboat Logic’s National Sales Manager said, “Our platform understands the connective tissue between each framework and our customers are easily able to apply their work to new information security but also privacy frameworks and policies.”

Watch Tugboat Logic Reviews on framework overlap:

Setting The Record Straight

There are, unfortunately, many bad actors in today’s security compliance market. Some software vendors promise things that are simply not possible, like passing your SOC 2 audit in weeks or complete automation through integrations.

Misinformation adds a lot of confusion to an already confusing industry. Compliance can be a bumpy ride and is not a one-size-fits-all experience. All providers should be upfront and honest about what your security assurance journey will look like.

We know that security assurance can be overwhelming, and setting you up for success is what we’re here to do.

“If a company’s sales pitch is just tearing down competitors, that is a really bad sign. Vendors should focus on their own value and what they have done for clients that are in a similar place as you. We conduct ourselves with a lot of authenticity and transparency at Tugboat Logic. ” – Ray Kruck, Tugboat Logic’s CEO & Founder

Grow Your Security Program and Sell More With Tugboat Logic

Scott Sturgeon, Tugboat Logic's Chief Technology Officer

“Let the product speak for itself, right? No need to lie. If you’re lying, that tells me there is something wrong with your product.” Scott Sturgeon, Tugboat Logic’s Chief Technology Officer

Now that you’ve heard Tugboat Logic’s reviews and we have set the record straight on everything you’ve heard about us that isn’t true, we’d like to invite you to book a demo of your own.

Our demos are not a bunch of slides. In fact, we go straight into demoing our product. We focus on exhibiting its capabilities because we’re really proud to show you what we’ve built.

Or, if you’re really eager, you can dive right in and start a free trial of Tugboat Logic’s first-in-class security assurance platform.

SOC 2 Compliance Software Buyer's Guide

Everything you need to find the best SOC 2 compliance software for you and your business.

Download Guide