Why VIVIO Health Banked on Automation for SOC 2 Type 2 Compliance

A case of how Drata reduces the time and cost associated with compliance
ABOUT VIVIO Health
VIVIO is a specialty drug management company with a mission to use data to transform healthcare delivery while lowering costs.
Location
San Leandro, CA
INDUSTRY
Healthcare Outcomes Management

Why SOC 2

As a company in the healthcare space, we understand the importance of protecting our customers’ data and are always looking for ways to strengthen our security posture. We work primarily with large, self-insured employers who recognize SOC 2 compliance as a proof point for doing business. Aside from already being HIPAA compliant, we knew that if we were going to implement an audit standard, we should pursue a framework that our customers are familiar with and that shows an internal and external commitment to security. For us, that meant obtaining a SOC 2 Type 2 report.

The Challenge

We have a sophisticated architecture in a complex environment with many systems in which we manage compliance manually. While we had streamlined processes and predictability around maintaining it, we continuously asked ourselves:

  • Is there a better way to do this?
  • Is there an alternative that will save us time?
  • Is there a solution that can help reduce overall costs?

That led us to compliance automation.

Why Drata

While we’ve been SOC 2 compliant for many years, after researching various automation platforms, we knew we could use Drata to improve our efficiency, time- and cost-wise. The Drata team was engaged with us from the start, offering detailed insight into the overall process and ensuring the journey was as smooth as possible.

In addition, we were thrilled with the level of automation the Drata platform provides. From minimizing the burden of evidence collection to streamlining employee security training, Drata alleviated much of the managing component of compliance that we were so used to doing manually.

ROI

Drata easily saved us at least 50% of our time from a process perspective by automating the path to SOC 2 Type 2 compliance. Beyond time, Drata also helped us reduce our audit expenses – we used an audit partner within Drata’s auditor community, which led to a more cost-effective audit. Overall, going with Drata significantly impacted our operational expenses and turned the implementation experience into a net positive.

What’s Next?

Achieving automation of SOC 2 Type 2 compliance is another critical piece to our security program that we’re constantly evolving. With SOC 2 compliance now automated, we have extra cycles to focus on our goal of bridging the gap between clinical trial data and actual patient outcomes.

Coming from a security background, we knew SOC 2 Type 2 compliance was important to maintain, but we were at a fork in the road between continuing to manage the process manually or betting on automation. In doing the latter with Drata, we saved valuable time and money in maintaining compliance, giving us more time to focus on life-saving issues. In short, Drata made our lives simpler.

Pramod John - CEO, VIVIO Health
