As an early-stage startup with deep integrations into its customers’ tech stack, Runway anticipated a surge in inquiries around its security posture. While individuals from our team were familiar with compliance, achieving SOC 2 was an entirely new experience for our company. We knew we needed SOC 2 compliance but didn’t know how or where to start.
After being referred to Drata, it was clear this was the best platform to help us navigate the SOC 2 journey. Drata’s support team was incredibly reliable and dependable, and provided multiple channels of communication whenever we had questions about the process. Knowing there was a dedicated person available provided an invaluable level of comfort, especially for our first time with SOC 2. Drata’s portal served as our main hub to monitor our progress; the real-time status of our controls was easy to understand and gave us insight into how we’d further elevate our security posture in the future.
Drata’s agility was also critical in our smooth journey, adding new features and capabilities throughout the process that directly streamlined our own experience. Knowing the platform is quick to adapt to our needs gave us confidence in our ability to evolve together.
We first began this process thinking the compliance process was just part of the cost of doing business, but using Drata gave us an eye-opening view into how strong our security foundation was overall. And because compliance wasn’t in our wheelhouse, learning SOC 2 and communicating needs and tasks to the rest of the team allows us to establish a security-first mindset at Runway. We’re better off as a company understanding the ins and outs of SOC 2 compliance as we continue to grow, and Drata helped us to do just that.
Enhancing our security posture with SOC 2 compliance makes a big difference in our growth trajectory. Now that we’ve obtained a clean SOC 2 Type 1 report, we’re excited to scale the business with Drata’s continuous monitoring features and stay on track with compliance. And having gone through the audit process with Drata’s help, we have the confidence to consider expanding to additional frameworks as our pipeline evolves with larger customers.
Could we have Googled our way into SOC 2 compliance? Sure, but that would have easily taken hundreds of hours in education and guesswork alone. Without Drata’s guidance, this process would have been a nightmare. More importantly, Drata’s automation provided a seamless SOC 2 experience and integrated into our existing initiatives - we never felt like we had to set aside company goals in order to become SOC 2 compliant.
Close more sales and build trust faster while eliminating the hundreds of hours of manual work that used to go into maintaining your SOC 2 report and ISO 27001 certification.