As a fintech company, protection of customer data is key to our success. We knew that data security and integrity had to be at the top of our priority list from day one. We saw compliance as an effective way to get started and help instill a security-driven mindset in employees throughout the company.
Some members of our team had completed the SOC 2 process in past roles, and were aware of its value as well as the enormous undertaking it took to complete manually. We had a small team with limited resources, but still wanted a white-glove, high-touch level of service that could help support us throughout the process. We were hopeful that a compliance automation solution could allow us to meet our goals without taking time away from the engineering team and derailing our product roadmap.
The Clair team evaluated a number of products in the space, and were ultimately sold on Drata’s high level of automation, user experience, industry expertise, and support staff. Drata was “the whole package”, and we were pleased to see the platform and team meet our high expectations throughout every stage of our SOC 2 journey.
We set ambitious goals for obtaining our SOC 2. The entire process was driven by one Clair employee who also had a number of other priorities on his plate. In total, we estimate that Drata saved us hundreds of hours and reduced the time it would have taken to do this manually end-to-end by well over 80%.
The lead employee on our SOC 2 project loved the “gamification” element of the Drata platform. Once all of our integrations were up and running, it took seconds to go into our dashboard and see when our program was meeting less than 100% compliance. Drata showed us precisely what was needed to get back to full compliance, allowing us to do that quickly and seamlessly. This type of user experience was enormously motivating and helped provide peace of mind.
The auditor view that Drata offers was another feature that really wowed us. It saved us many, many emails, meetings, and hours of coordination that it would have otherwise taken to work with our auditor partner. Our auditors were able to access our data, see how it mapped to the relevant controls, and provide feedback in a much more streamlined manner.
Now that we’ve gained SOC 2 Type I, it makes perfect sense to move forward with Type II. Drata has allowed us to set up a foundation of continuous compliance that will become a standard part of our growing security program and posture.
With Drata, I was able to get us SOC 2 compliant against an aggressive timeline... and it definitely wasn't my full-time job. I didn't have to interrupt my team or derail our product priorities in order to focus on compliance. Also, I found the 'gamification' element of the Drata dashboard totally appealing. There's something extremely satisfying about quickly identifying and remediating a gap, and running a test to see that '100%' pop up on your screen.