A case of building confidence in processes, tooling, and evidence required for standing up a strong security posture
We knew that we had some good security practices but needed the validation of SOC 2 compliance to demonstrate this more easily to our prospective customers. Our customers use Chameleon for business-critical user engagement within their software, which includes passing user data, so it’s imperative that we maintain strong security practices, and can easily demonstrate these to prospects to help us close sales deals. Almost all of our larger prospects have a security evaluation stage during the buying process which we wanted to make as smooth and seamless as possible.
One of the most compelling aspects of Drata was the time-to-value. We could get value on Day 1 of using Drata with their standardized policies that we could adapt and leverage. We’ve already used these across our sales deals. In addition, we found the continuous monitoring Drata offered to be a truly credible way to demonstrate our adherence to our security protocols, and the live report that lets customers/prospects see the specific details of this is such a killer feature. It moves away from trading notes in spreadsheets to being able to see clear proof of compliance!
Drata’s partnership model has been really impressive; they’ve worked with us and gone above and beyond to provide us tips, suggestions, connections, and support, as we’ve onboarded onto our platform and initiated improvements and enhancements to our systems and processes. We felt like we were getting software + consultants and that is so valuable.
We’ve already used policies generated in Drata, referenced our continuous monitoring in security questionnaires, helped validate our team’s security training, and made improvements to our infrastructure access control, thanks to Drata. This is all within the first couple of months, and we’re looking forward to moving towards SOC 2 Type II compliance in the coming months.
We’ll be looking to standardize how we engage prospects through the security evaluation phase when they are looking to purchase Chameleon, leveraging Drata. We already offer a bug bounty program that we run in-house, and we’ll be looking to expand and formalize this so we can always stay ahead of the latest risks and threats. And of course we look forward to SOC 2 Type II compliance soon!
Before Drata, I felt like SOC 2 would be such a pain and kept putting it off. Drata makes it really accessible and straightforward and we're actually enjoying the process.