Stord Simplifies SOC 2 Evidence Collection Using JumpCloud

Stord is a ‘Consumer Experience Company’ combining a global network of owned fulfillment centers, carrier relationships, and purpose-built software and AI that is battle-tested in its own facilities every day. With nearly 100 fulfillment locations worldwide, over $15 billion in annual GMV, and a physical intelligence layer that deploys AI and agentic robotics across its entire network, Stord operates at a scale where security and compliance infrastructure has to keep pace with the business.

As Stord continued to grow rapidly, its lean IT and security teams needed a more efficient way to maintain strong security controls and simplify SOC 2 evidence collection without increasing operational overhead. The company needed a way to standardize device management, automate onboarding and offboarding, and gain greater visibility into security policies across a distributed fleet of Windows and macOS devices. Most importantly, the team wanted confidence that critical controls were consistently enforced and easily demonstrated during audits.

By implementing JumpCloud, Stord unified identity and device management into a single platform. This strategic move helped the organization simplify compliance operations, automate workflows, and support continued growth.

The Challenge: Managing Compliance Across Fragmented Systems

Before implementing JumpCloud, Stord managed devices across multiple MDM platforms, with separate systems supporting Windows devices and Jamf Pro supporting macOS devices. As the business scaled, maintaining policies across multiple tools became increasingly difficult and time-consuming.

We wanted to find a solution that could combine both Mac and Windows into one location so that we didn’t have to straddle two different sources and multiple policies.

—Codi Handley, Director of Security and IT, Stord

The team also faced challenges around device visibility and management consistency. Commands pushed to devices did not always execute reliably, and administrators had limited visibility into device status and policy enforcement.

At the same time, SOC 2 evidence collection became increasingly complex. Security and audit teams often had to pull information from multiple systems to verify controls such as:

• Disk encryption
• Password policies
• Antivirus installation
• Removable media restrictions
• Device inventory and ownership

Without centralized visibility, preparing evidence for auditors became a manual and time-intensive process. The onboarding experience also created friction. Because devices were not tied directly to users and zero-touch provisioning remained unavailable, employees often waited several days to receive access to required applications and systems.

As Stord prepared for continued growth, the team recognized the need for a more automated and scalable approach.

The Solution: Centralizing Identity and Device Management with JumpCloud

Stord selected JumpCloud to consolidate identity, access, and device management into a single platform capable of supporting both Windows and macOS environments. For the IT team, the ability to manage security policies centrally while improving visibility into device compliance and audit controls proved to be the biggest advantage.

When we evaluated JumpCloud, the simplicity and usability of the platform’s UI immediately stood out. It gave us much greater confidence that we had the right policies in place and could deploy them consistently across both our Windows and macOS environments from a single platform.

—Codi Handley, Director of Security and IT, Stord

Using JumpCloud, Stord implemented centralized controls for:

• Full-disk encryption
• Password policies
• Removable media restrictions
• Administrator access management
• Device inventory and reporting
• Remote lock and wipe capabilities

The organization also connected JumpCloud with its HRIS and Apple Business Manager to automate employee lifecycle management and device provisioning workflows. This integration allowed the company to regulate onboarding and offboarding processes while significantly increasing the security posture and reducing manual administrative work for the IT team.

The Results: Simplified Evidence Collection for SOC 2

One of the most significant improvements for Stord was the ability to streamline SOC 2 evidence collection and respond to auditor requests more efficiently.

Instead of gathering screenshots and reports from multiple systems, the team now accesses centralized information directly within JumpCloud.

When auditors sample users and ask us to verify things like antivirus installation, encryption status, or password policies, it’s really easy for us to pull up the device, go into the Insights tab, and immediately show that information directly from JumpCloud.

—Codi Handley, Director of Security and IT, Stord

Stord also leverages JumpCloud to standardize password policies and encryption requirements across the organization. Centrally managed controls help simplify audit preparation and give the team greater assurance that policies remain consistently enforced across devices.

I’m confident enough in JumpCloud that I’ve used it live on calls with auditors. We can pull up security settings, walk through password policies, and validate controls in real time.

—Codi Handley, Director of Security and IT, Stord

Automating Onboarding, Offboarding, and Access Management

As part of its broader operational improvements, Stord utilizes JumpCloud to automate onboarding and offboarding workflows by integrating it with its HRIS.

Now, when the HR team creates a new employee account in the HRIS, JumpCloud automatically:

• creates user accounts,
• assigns users to the appropriate groups,
• provisions application access,
• applies security policies, and
• configures devices with required applications.

New hires can set up credentials on day one and receive devices already configured with essential tools such as Slack, Email, Google Chrome, and Claude. According to the team, this automation reduced onboarding delays that previously slowed productivity by several days.

It makes onboarding a lot faster. People can jump in and start doing their job immediately from day one instead of waiting those extra three or four days for access.

—Codi Handley, Director of Security and IT, Stord

The organization also improved offboarding security through automated workflows. When HR processes an employee separation in the HRIS, connected workflows automatically suspend accounts and lock associated devices. This automation eliminated the reliance on manual processes while significantly improving consistency and response times.

Looking Forward: Supporting Growth at Scale

Since implementing JumpCloud, Stord has continued to scale rapidly while maintaining lean IT and security operations. Despite this growth, the company easily maintains centralized visibility and standardized policy management across its entire environment.

We’re about three or four times the size now than we were when we first implemented JumpCloud. For us, the biggest JumpCloud outcome has been operational confidence: confidence that devices are properly managed, policies are consistently enforced, and audit evidence is readily accessible when needed.

—Codi Handley, Director of Security and IT, Stord