Why SOC 2
As a company that provides customer community solutions to other SaaS, consumer online services, and e-commerce companies, it’s important to us that we follow industry best practices when it comes to security and compliance.
We pursued SOC 2 compliance because we wanted to ensure that Tribe provides a secure platform that prospects, customers, and partners can trust. Our company deals with a lot of customer data, and our customers rely on our community platform to keep their data safe. Because of this, our main concerns were protecting both our customers’ data and their customers’ data.
Being able to show proof of our security protocols to prospects during the sales process was another key factor in pursuing SOC 2. This would allow us to decrease our sales cycle and equip our company with more documentation of Tribe’s security practices.
Because Tribe is an SMB tech startup, our opportunity to achieve SOC 2 compliance with a trusted partner like Drata was huge for us. The innovation of Drata’s product stood out to our team when deciding to move forward with a compliance automation platform.
It was evident that the Drata team focuses their efforts on alleviating industry pain points for customers with their product. Drata integrates well with our current tech stack and helps us keep track of our internal infrastructure and ticketing system. Their ability to make the employee onboarding process seamless from a security perspective was another big selling point. Overall, Drata’s platform is a better fit for our company’s needs at a more affordable cost compared to other platforms on the market.
Tribe had the privilege of being an early customer of Drata, and it’s been fascinating to see all of the product improvements over time. Since the beginning, Drata has always prioritized product updates for their customers, so seeing new and updated features consistently get released over the last year has proven Drata to be a trustworthy partner.
While we initially thought becoming SOC 2 compliant would be a massive project, the Drata team put a lot of effort into ensuring success. Drata helped streamline many of our internal processes, especially prospective employee background checks during the onboarding process. The integration with our background check provider was seamless and saved us from having to manually upload many files of information.
Drata’s integrations with Google Workspace, AWS, Jira, GitHub, and their partnership with our HRIS provider have been super handy for our team. These integrations allow our internal information to be pulled automatically, alleviating a lot of work for our team and giving us the ability to focus our energy on in-house projects.
The Audit Process
Our case is unique because we’ve achieved both SOC 2 Type 1 and Type 2 compliance with Drata—which made both compliance efforts very straightforward.
We didn’t have an extensive security background prior to this, so Drata clearly laid out what SOC 2 compliance would mean for our business. We were given a complete list of all available compliance controls so that we could pick those relevant to our security program. We then included those controls in the scope of our SOC 2 parameters. Knowing which controls were within our scope helped us set clear expectations and apply best practices for this particular framework.
Before using Drata we considered going for SOC 2 on our own but realized the level of engagement required by our auditor would have taken a lot of time from our employees. The most significant value of Drata has been the amount of time our team has saved through continuous control and compliance monitoring.
Throughout the entire process, Drata’s platform made it easy for our auditor to get any information they needed to complete the audit. All of our documentation is in one centralized dashboard that we can easily share through the Auditor View. Now that our audits are complete, we rely on Drata to continuously monitor the state of our security posture and alert us of any failures.
We look at our security and compliance efforts as long-term, so our biggest return on investment has been Drata’s continuous compliance monitoring.
The control monitoring notifications on failed controls and necessary fixes have been game-changing. These notifications have also streamlined our internal processes and communication. At the end of the day, we know we can count on Drata to flag issues before they become a big mess and keep our best foot forward from a security perspective.
Receiving our clean SOC 2 Type 1 and Type 2 reports is just the beginning of what we’re looking to accomplish with Drata’s help. The Tribe team will continue the good work that we’ve put into becoming SOC 2 compliant and may look into additional compliance frameworks as our company and market grow.
We’ll be relying on Drata to build upon our current security program and look forward to upcoming partnerships and integrations with additional players in the security ecosystem. These initiatives will play a key role as Tribe continues to scale our security standings.
The innovation of Drata’s product brings massive value and time savings to our security and compliance efforts and internal team. We’ve seen, firsthand, the way Drata delivers on their promises as a compliance automation platform, so we trust them to help us build upon our security program. We would not have been able to execute this level of compliance without Drata.