New: Manage Compliance and Risk in One Location with Drata. Learn More.

How Chameleon Leveled-Up Their Security Program with SOC 2 Type 2 Compliance

A case of building confidence in processes, tooling, and evidence required for standing up a strong security posture
ABOUT Chameleon
Chameleon allows you to create beautiful product guidance that helps, navigates, and delights your users throughout their journey.
San Francisco, CA
Computer Software

The Challenge

We knew that we had some good security practices but needed the validation of SOC 2 compliance to demonstrate this more easily to our prospective customers. Our customers use Chameleon for business-critical user engagement within their software, which includes passing user data, so it’s imperative that we maintain strong security practices, and can easily demonstrate these to prospects to help us close sales deals. Almost all of our larger prospects have a security evaluation stage during the buying process which we wanted to make as smooth and seamless as possible. But before we met Drata, we anticipated SOC 2 Type 2 would be such a pain and kept putting it off.

The Solution

One of the most compelling aspects of Drata was the time-to-value. We could get value on Day 1 of using Drata with their standardized policies that we could adapt and leverage. We’ve already used these across our sales deals prior to even receiving an attestation report. In addition we found the continuous monitoring Drata offered as a truly credible way to demonstrate our adherence to our security protocols, and the live report that lets customers/prospects see the specific details of this is such a killer feature. It moves away from trading notes in spreadsheets to being able to see clear proof of compliance!

Why Drata?

Drata’s partnership model has been really impressive; they’ve worked with us and gone above and beyond to provide us tips, suggestions, connections, and support, as we’ve onboarded onto our platform and initiated improvements and enhancements to our systems and processes. We felt like we were getting software + consultants and that is so valuable.

The Experience

Within just the first couple of months, we were able to use policies generated in Drata, reference our continuous monitoring in security questionnaires, help validate our team’s security training, and made improvements to our infrastructure access control.

Drata really made SOC 2 Type 2 compliance more accessible and easy-to-understand. The support team provided ample best practices, suggestions, tools, and tips which helped us further understand our compliance posture and even navigate how to engage with auditors. Having a centralized platform was also critical for us in quickly showing our customers the protocols and policies we have in place without digging through our system.


We had little guidance prior to working with Drata, leading us to think we’d have to hire an external consultant that would be both time-intensive and expensive. Drata quickly dispelled those myths and outlined the entire process for us in a digestible manner. We were able to save tens of thousands of dollars by using Drata and leaning on automation to guide the journey, all while handling everything in-house.

What’s Next?

Now that we’re SOC 2 Type 2 compliant, we’re looking to standardize how we engage prospects through the security evaluation phase when they are looking to purchase Chameleon, leveraging Drata. We’re also expanding our bug bounty program that we run in-house to stay ahead of the latest risks and threats.

We’ve always been a security-forward company, but using Drata helped seal that stamp of credibility and authority by successfully achieving SOC 2 Type 2 compliance and further demonstrating Chameleon’s commitment to the best-in-class security practices.

Pulkit Agrawal - CEO, Chameleon

Subscribe & receive the latest content.

Subscribe & receive the latest content.


Get Started Today

Close more sales and build trust faster while eliminating the hundreds of hours of manual work that used to go into maintaining your SOC 2 report and ISO 27001 certification.

Trusted by the best:
Case Study:

Learn how Iteratively used Drata to get their SOC 2 report faster than most thought possible, and now monitor their security & compliance posture…