Drata’s Partner POV series spotlights the leaders and teams in our partner ecosystem who are helping customers modernize security, compliance, and trust. In each installment, we share a partner’s on-the-ground perspective on what they’re seeing in the market—what’s changing, what’s proving difficult, and what’s working—plus practical takeaways for building stronger, more resilient programs.
In this edition, we’re joined by John Schimelpfenig, Director Global Technology & Marketplace Partnerships at Tines. John shares what’s top of mind for Tines customers across security, IT, and compliance, from the operational drag of disconnected tools and manual evidence collection to the shift toward continuous, always-on security work—and of course, how Tines and Drata are partnering to help teams move beyond point-in-time audits. Together, Drata’s continuous control monitoring and Tines’ intelligent workflows streamline evidence collection, accelerate remediation, and keep audit-ready proof current, consistent, and easy to trace.
Introducing Tines
Tines is the intelligent workflow platform trusted by the world’s most advanced organizations (companies like Coinbase, Databricks, GitLab, Mars, Reddit, and SAP) to power their most important workflows. It provides a secure, flexible foundation to operationalize AI agents and intelligent workflows, helping teams move faster, unlock productivity, and future-proof how work gets done.
Founded by security practitioners, Tines takes a workflow-first approach designed for real problems in modern security and IT. It supports intelligent workflows that blend deterministic, human-led, and agentic AI; delivers governance, compliance, and auditability out of the box with deployment options for critical use cases; and stays vendor-agnostic—if it has an API, Tines can securely connect to it, including webhooks, MCPs, and LLMs. With 16,000+ templates and rapid build tools, backed by expert services and trusted partners Tines offers fast time to value in its category.
Top of Mind Challenges for Tines Customers
Many customers choose Tines because disconnected tools and fragmented processes slow down IT, security, and compliance work. Alerts, requests, and evidence live in separate systems, creating blind spots, constant context-switching, and noisy handoffs that increase risk and pull teams away from higher-value work.
Tines connects existing tools into governed workflows so teams can coordinate people, systems, and data in one place, reducing manual effort and interruptions while moving faster without sacrificing security, auditability, or compliance. AI is embedded throughout the platform to make workflows easier to build and understand, so teams spend less time on “muckwork” and more time strengthening their security posture.
Compliance Trends + Key Pain Points
Compliance is one of the most common operational pain points for security teams. It’s not that it lacks value; after all, being able to prove security maturity is a competitive advantage. The challenge is how it’s typically done: manually, repetitively, and with a high risk of error. Teams lose weeks to audits, pulling logs, taking screenshots, and reconciling spreadsheets. Engineers are pulled off critical work to collect evidence that’s outdated almost immediately. It’s draining, and it happens multiple times a year.
Underestimated, Unexpected Shifts in Security Operations
Security, IT, and risk work is now continuous, but many organizations still run on episodic processes built for a slower pace. Signals arrive in real time, yet coordination between people and systems hasn’t kept up, leading to missed context, more manual work, and higher risk. Organizations should shift to workflows that connect tools, preserve context, and build guardrails directly into execution so work flows instead of stalls, and teams can move faster without losing visibility or control.
Tines + Drata = Better Together
By combining Drata for continuous control monitoring with Tines for intelligent workflows, teams can move beyond one-off audits. The result is a more sustainable, scalable approach to continuous compliance that’s already working in leading organizations.
Use Cases for Tines + Drata
Security leaders, GRC managers, and compliance owners—especially teams responsible for SOC 2, ISO 27001, HIPAA, PCI, and related frameworks—all benefit from the combination of Drata and Tines. The following activities are just some of the use cases:
1. Streamlined evidence collection
Evidence collection is often the most time-consuming part of compliance. Audits require proof that controls are operating as intended—encrypted endpoints, recurring vulnerability scans, and secure cloud configurations—but manual collection usually means exports, screenshots, and shared folders.
With Drata connected to core systems and Tines orchestrating the rest, teams collect evidence continuously: Drata ingests proof through native integrations, and where custom pulls are needed, Tines Stories query APIs on a schedule, transform outputs, and upload evidence directly into Drata.
A weekly vulnerability workflow shows this in action: Tines calls the scanner API, normalizes results, uploads a report to Drata’s evidence library, and posts a Slack confirmation. If something fails, the Story retries with backoff and alerts owners with diagnostic details—shrinking audit prep time while keeping evidence current and accurate.
2. Compliance monitoring and alerting
Controls drift over time. For instance, a storage bucket appears without encryption, an admin account is created without MFA, or logging is disabled. In manual programs, these issues often surface only during an audit. With Drata monitoring, drift is flagged immediately, and Tines turns that signal into action: a Story validates the finding, applies the policy where safe and approved, creates a ticket for visibility, uploads remediation proof to Drata, and notifies stakeholders. Monitoring becomes proactive enforcement backed by complete, auditable evidence.
3. Audit preparation and response
Audits can trigger weeks of evidence gathering across teams, but continuous collection changes the equation. Using Tines, organizations can automatically pull employee background check confirmations or attestations from HR systems and upload them to mapped Drata controls on a recurring schedule. Drata centralizes and links these updates to the right frameworks and controls, so when an auditor asks, the proof is already there—consistent, timestamped, and ready for review.
4. Vendor risk management
Third-party risk is a growing focus, and vendor assessments often require questionnaires, response collection, risk scoring, and remediation tracking. Drata automates assessments and ongoing risk monitoring, maintaining records, centralizing evidence, and applying configurable scoring as new data arrives. Tines orchestrates the cadence: it pulls the vendor list quarterly, sends questionnaires, captures responses via webhook, scores outcomes against criteria, updates the vendor record in Drata, and alerts on high-risk results, keeping the process consistent, on schedule, and easy to audit.
Customer-Favorite Joint Capabilities and Integrations
Customers consistently respond to the Drata + Tines combination of Templates and Stories, which make it easy to deploy proven workflows quickly and tailor them to their environment.
Common outcomes customers measure include hours saved per compliance workflow or audit event, more control violations identified and resolved automatically, and a meaningful reduction in time to audit readiness.
Teams also report wins like increased audit success rates with fewer findings, faster detection and resolution of GRC-related incidents, and greater consistency across audits. Over time, that operational lift translates into less burnout and turnover among compliance staff—and stronger internal confidence in the control environment.
Another win for Tines + Drata users comes from how vendor-agnostic Tines is. It can connect to anything with an API, which effectively extends Drata into the rest of the stack, bringing systems like Jira and Orca Security into governed, automated compliance workflows.
What 2026 Holds For the Tines + Drata Partnership
We’re excited about how the Drata and Tines partnership can further empower security teams at every level, especially frontline analysts and security leaders. In combination, we can move teams beyond point-in-time compliance by automating remediation guidance, evidence collection, and approval workflows while making complex security data easier to query and interpret.
Longer term, the Drata and Tines pairing enables continuous, AI-assisted posture insights—surfacing what’s changed, what’s newly exposed, and where risk is emerging—so teams can make faster, more informed decisions. The result is a more accessible, proactive approach to compliance that scales with modern cloud and security environments.
Tines + Drata = Better Together
Modern compliance cannot be static. New frameworks, evolving threats, and architectural shifts require agility and adaptability. These solutions are built for this reality. As organizations grow, new teams, regions, or products will inherit existing controls and benefit from templated workflows.
Tines and Drata together enable centralized governance with decentralized execution, allowing organizations to move from reactive to resilient and build future-proof, automated GRC programs.
Ready to get started?
- Learn more and explore the possibilities of Tines + Drata together with a custom demo.
- Sign up for Tines community edition for free, import our Tines + Drata stories and start building today.
