
Why Lumiio Chose Drata to Earn and Maintain Stakeholder Trust

A case of how automation can save on resources and compliance costs while enhancing security programs
ABOUT Lumiio
Lumiio specializes in disruptive digital health technology and real-world data collection services to empower health communities and improve quality of life.
Calgary, Alberta
Digital Health

Path to SOC 2

Because Lumiio focuses on real-world digital health data collection, we knew data protection and cybersecurity were foundational elements upon which the trust of our stakeholders is earned and maintained. We pursued SOC 2 Type 1 compliance as tangible validation of our corporate values and continued commitment to ensuring the highest levels of cybersecurity for our stakeholders, processes, and technologies.

Why Drata

After reviewing several platforms, we concluded that Drata was the best fit due to its focus on controls automation and reporting. The expansive list of integrations Drata has with other cloud-based software was also a deciding factor. We knew Drata’s out-of-the-box policies and controls that were mapped to Trust Services Criteria would significantly expedite efforts to configure and demonstrate evidence and requirements of SOC 2.

The Experience


We’ve had a very positive experience with Drata. The team displayed great support throughout the SOC 2 Type 1 journey, answering any questions that arose on a timely basis. Drata has been a great partner in building best-in-class security frameworks, empowering us to serve our clients with a demonstrated focus on information security and data protection.


With Drata, we achieved SOC 2 Type 1 compliance in two months from start to finish, including audit time. Without Drata, this process would have taken 12-18 months with significantly more internal resources dedicated to manually collecting information compared to configuring connections, controls, and policies on the front end.

Overall we estimate we saved approximately 85% of our time and application on achieving SOC 2 Type 1 compliance with Drata, with just 50% of the cost of internal and third-party resources necessary to maintain compliance.

What’s Next?

Becoming SOC 2 Type 1 compliant with Drata reaffirms our commitment to best-in-class information cybersecurity. We’ll continue providing our stakeholders with the highest degree of privacy and building our robust operational model to meet and exceed the SOC 2 requirements for data protection.

Achieving our SOC 2 Type 1 with Drata is a testament to our corporate values and continued commitment to ensuring the highest levels of cybersecurity for our stakeholders, processes and technologies. Our current and future partners can have the confidence to know that we prioritize cybersecurity and have built a robust operational model to meet & exceed the SOC 2 requirements for cybersecurity.

Blaine Penny - CEO, Lumiio
