Leaning on Automation to Expedite Security Questionnaires and Establish Customer Trust
APL nextED is a comprehensive academic operations platform for managing workflows, data, and reporting that links faculty and student data to optimize teaching, advising, and mentoring to increase student success.
As an edtech company, APL nextED’s platform displays data, generates data, and integrates data from third-party systems; this data sometimes includes personally identifiable information and student data. A big part of the sales process for any software includes an “IT diligence review”. APL is no exception. The IT diligence review involves completion of an extensive list of questions related to our security program and a meeting with a prospective partner’s IT/Security Compliance Team. We are regularly asked if we’re SOC 2 compliant.
Most often the work to prepare for an IT diligence review, including completing responses to the security survey and meeting with the compliance team, falls on the APL tech team. This means that the sales team has to wait for the IT team to find time to collect the specific information the prospective school has requested. This may slow down the sales process and disrupt the development roadmap schedule.
To solve this problem, we knew we needed to pursue SOC 2 compliance and to find some way to easily document, track, and report on our security protocols, standards, and practices.
When undergoing an initial evaluation with another platform, we realized that there was a level of automation that was missing and that the underlying features still required a significant amount of manual work.
Drata’s automation-led approach was unmatched, and the platform provided a lot more support for API integrations. We were looking for a partner that could streamline the journey so we’re not constantly burdened with tasks like uploading screenshots of our visitor log. We found that partner in Drata.
Drata’s continuous control monitoring and integrated agent provide us significant value in making sure we have everything in place. And Drata as a company has been excellent – the support team has guided us along every step of the journey thus far. They even brought in their team of experts to share guidance on other compliance frameworks we have on the horizon, pointing out overlap and best practices for implementation.
While APL nextED is still on the path to SOC 2, we’ve already experienced Drata’s value firsthand, especially with onboarding new employees. We also recently received a diligence request from a prospect, and because we were able to pull documentation directly from the Drata platform, we’ve already signed them on as a new customer. The time savings and impact on sales are immediate, especially as we inform our customers that we’re pursuing SOC 2 compliance!