Why SOC 2
A majority of Orchestry’s customer base is larger, enterprise companies who require proof of our robust security protocols. The larger the companies we work with, the more compliance measures we need to take to ensure proper security posture and world class security. There aren’t many competitors in our industry that have taken the steps necessary to achieve SOC 2 compliance, so this was a major differentiator within our target market. We were determined to show how serious we take securing and protecting our customers’ data.
Because Orchestry is an adoption and governance platform for Microsoft 365, our main focus was finding a partner that could easily integrate with our current tech stack. In researching compliance automation platforms, we found that Drata had the best integration capabilities with the Microsoft stack, particularly with Azure. Drata’s ability to report on the Microsoft stack was much stronger than other platforms, and is what ultimately sold us on working with them. The user experience and additional features Drata offered Orchestry ensured we chose the right partner for SOC 2 compliance.
Drata’s automation helped make the process as painless as possible, and saved us from starting from scratch, which was a major challenge we anticipated with SOC 2 compliance. They served as our very own project manager and provided visibility into our security standings, making the path to SOC 2 easy and achievable. Because of Drata’s guidance, what we thought would take Orchestry months, only ended up taking us about six weeks. Not only was the process simple, but it was also very manageable for our team. As our company continues to grow, we feel confident in our ability to scale our compliance measures and onboard employees correctly with Drata.
Our engineers and CTO found Drata’s integration capabilities made setting up our tech stack for security and compliance protocols super simple. The functionality of assigning Orchestry team members to specific security tasks was powerful and streamlined our internal communications. Having access to live reporting made understanding our current security posture very straightforward, and the steps we needed to take to achieve SOC 2 compliance were clearly laid out to us. The thought of developing policies from scratch was painful, so having pre-built, editable policies available to use was a huge deal. Another key benefit of using Drata as our partner was the resources that came along with it. We had access to auditors and team members with technical security experience, who were available to answer our questions and helped guide us through the entire process.
From a technical standpoint, it would have been very difficult for us to ascertain exactly what we needed to do to achieve SOC 2 success, had we pursued this manually. Drata laid out very clearly what compliance measures we needed to take, which ended up saving our team about 70 hours of manual work. And the time saved is continuous—we’re able to save half a day of work with each new employee just by onboarding them through Drata’s platform. From start to finish, Drata made the entire SOC 2 process simple by providing us with the support we needed throughout the whole journey.
While achieving SOC 2 Type 1 compliance already puts us heads and shoulders above our competitors, our next step is obtaining a SOC 2 Type 2 report. Drata has enabled us to consistently adhere to security best practices in a very simple and transparent way. Orchestry looks forward to continuing to prioritize security and compliance protocols, and scaling these practices in the near future with Drata’s help.
Drata offers amazing value for money for any business trying to gain a better understanding of their current security posture. Their continuous monitoring allows us to put our best foot forward from a security perspective in a simple, transparent, and easy way. You'd have to be crazy to not use a platform like Drata to streamline the SOC 2 process.
More Case Studies
Subscribe & receive the latest content.
Subscribe & receive the latest content.
Get Started Today
Close more sales and build trust faster while eliminating the hundreds of hours of manual work that used to go into maintaining your SOC 2 report and ISO 27001 certification.