How Fable Evolved from SOC 2 to ISO 27001 with MHM

From Early Compliance to Certified Excellence

Case Study: From SOC 2 Foundations to ISO 27001 Success 

Fable company logo

Fable is the leading accessibility research platform, combining a purpose-built platform with a vetted community of people with disabilities to deliver real-world accessibility insights inside modern product workflows.

Industry: Software Development

Headquarters: Canada

What They Do: Fable is a digital accessibility platform that helps organizations build more inclusive digital products by connecting product teams to people with disabilities for real-world testing and research. 

Core Services: Fully managed accessibility research, accessibility research alliance, accessibility training, strategic consulting, and community surveys.

The Challenge:

As Fable grew into a trusted accessibility partner for leading global digital organizations, its compliance requirements increased rapidly.

The company needed a trusted audit partner to support its initial SOC 2 audit, assist with Microsoft SSPA attestation, and help mature its compliance program as customer expectations evolved.

As an accessibility-focused organization, Fable required more than a transactional audit approach. It needed experienced auditors who could understand its business model, provide practical guidance, and support the development of a robust and sustainable compliance framework.

The MHM Approach:

MHM provided ongoing support to Fable as it scaled its governance, risk, and compliance (GRC) program, ensuring alignment with SOC 2 requirements and supporting broader compliance maturity, including Microsoft SSPA attestation.

From the outset, MHM’s senior audit team engaged in a practical and collaborative manner, focusing on understanding Fable’s operating environment as both a high-growth SaaS organization and an accessibility-focused platform.

The engagement emphasized:

Practical interpretation of controls:

MHM was especially valuable when working through nuanced questions that went beyond a standard audit checklist. Whether evaluating how assistive technology users interact with controls like time-limited one-time passcodes, or thinking through how to protect employees in an evolving threat environment, MHM brought thoughtful, experience-based guidance that helped validate Fable’s approach.

Rather than applying a purely checklist-driven methodology, MHM focused on how controls operate in real-world scenarios,  including how users with disabilities interact with authentication and security workflows within the platform.

Support for emerging risk areas:
As Fable began adopting AI-enabled tools and expanding related capabilities, MHM provided advisory input to support responsible implementation and alignment with evolving governance expectations.

Collaborative audit delivery:
The engagement was delivered in a continuous, advisory-led manner, enabling Fable to maintain a stable and mature compliance program while reducing friction typically associated with traditional audit processes.

Fable’s SOC 2 foundations to ISO 27001 success with MHM

“MHM brings the kind of expertise and responsiveness that is hard to find. From SOC 2 to Microsoft SSPA to ISO 27001 work, they have consistently made us feel like a priority and helped us navigate complex questions with confidence.”

- Spencer Brawner, Head of Cybersecurity, Privacy, and Compliance

The Results: 

The engagement with MHM delivered a combination of technical expertise, responsiveness, and practical guidance that supported Fable’s continued growth in its governance, risk, and compliance (GRC) program.

MHM initially supported Fable with its SOC 2 audit and was later engaged for Microsoft SSPA. The relationship has since expanded to include ISO/IEC 27001:2022 certification. 

The audit process was described as efficient, clearly structured, and well supported throughout. MHM’s experienced auditors were able to quickly understand complex issues and provide practical, actionable guidance, particularly in specialized areas such as Microsoft SSPA, where access to relevant expertise can often be limited.

MHM consistently met agreed timelines and contributed to strengthening Fable’s underlying compliance program, rather than focusing solely on audit completion. Their involvement supported both audit execution and ongoing program maturity.

A key differentiator highlighted was the consistency of senior-level engagement. Unlike previous experiences with larger firms where delivery teams were more variable, Fable continued to receive direct access to experienced auditors and maintained a consistent level of responsiveness, even as MHM scaled.

Overall, the engagement provided confidence in both audit outcomes and the long-term stability of Fable’s compliance program.

Fable's accessibility platform supporting inclusive design

“MHM combines experienced auditors, practical advice, and a true white glove approach to help us build and maintain a compliance program we can rely on.”

- Spencer Brawner, Head of Cybersecurity, Privacy, and Compliance

Founder Insight: Fable’s Compliance Journey 

Fable was one of the first organizations we worked with when building out our SOC 2 audit firm, and it has been impressive to see how their compliance program and overall business have evolved over time.

From an early-stage engagement focused on SOC 2 Type 1, we have since supported them through ISO 27001:2022 recertification and ongoing assurance activities, including Microsoft SSPA and related compliance requirements.

What has stood out most is their commitment to embedding accessibility and trust into everything they do. Following their SOC 2 audit in 2020, their approach to governance, security, and compliance has continued to mature in parallel with their global growth, and it has been rewarding to play a small part in that journey. 

Fable continues to be a strong example of how organizations can build robust, scalable compliance programs while staying true to their mission and user focus. 

- Mark Mandel, Founder of MHM.