How Calendly Reduced Hours Spent on Audit Prep by 90% with Drata’s Compliance Automation

Asset - Calendly v2
About

Calendly’s scheduling automation platform helps individuals, teams, and organizations globally automate the meeting lifecycle by removing the back and forth with scheduling.

LocationAtlanta, Georgia
IndustrySoftware Development
Socials
A case on Calendly's strategic shift to automated compliance with the help of Drata.

Introduction to Calendly

Calendly is a leading scheduling automation platform that simplifies the process of setting up meetings. Recognized for its robust security measures, Calendly is actively pursuing SOC 2 Type 2 compliance, driven by the needs of its customers. The platform's commitment to security is underscored by its annual risk assessments, ensuring that it not only meets but exceeds industry standards.

Navigating the Challenges of Manual Compliance

Before transitioning to a more automated system, Calendly’s compliance operations were manually driven, relying on traditional methods such as Excel spreadsheets for tracking and storing all necessary compliance documentation in centralized repositories. This approach required extensive effort from the Governance, Risk, and Compliance (GRC) team, primarily consumed by the preparation for audits. The manual process was not only time-intensive but also prone to errors, leading to a critical need for a more robust and efficient solution to handle the growing complexity of compliance requirements.

Enhanced Scalability through Integration and Automation

The implementation of Drata's automation platform was a turning point for Calendly. This transition allowed the GRC team to shift their focus from routine compliance tasks to initiatives that add significant value to the company. Drata’s platform automated the tedious process of evidence collection, significantly reducing the dependency on Calendly’s engineering team, who previously had to manually gather and upload evidence for audits. This change not only streamlined the audit process but also freed up the engineering team to concentrate on product development and innovation.

Drata's integration capabilities have played a crucial role in enabling Calendly to scale its operations seamlessly. As Calendly incorporated new technologies into its infrastructure, Drata’s platform facilitated easy integration, offering a “plug and play” solution that was not available with other tools on the market.

Drata’s strategic integration partnerships ensured that Calendly’s compliance infrastructure could grow in tandem with its technological advancements, maintaining security and compliance without hindering compliance operations.

Elevating Risk Management

With Drata, Calendly has also enhanced its approach to risk management. By utilizing Risk Management by Drata, Calendly began to engage in more strategic risk assessment and management. The platform's method of categorizing risks by likelihood and impact provided Calendly with a clearer perspective and a more structured approach to prioritizing risk mitigation efforts. Calendly's team found unparalleled value in Drata's holistic view of the GRC function, which no other tool on the market offered.

Return on Investment

The adoption of Drata has led to remarkable efficiencies in Calendly’s compliance processes. Previously, the GRC team projected spending approximately 60-70 hours on audit-related activities annually. However, after implementing Drata, the total time spent on the audit process was reduced to just three hours for the entire year, marking an 80 to 90% decrease in audit field work activities. This drastic reduction not only signifies a massive decrease in labor costs but also exemplifies the streamlined audit structure Calendly achieved with Drata.

Calendly’s strategic decision to implement Drata has transformed its approach to compliance and risk management, resulting in reduced costs and enhanced operational efficiency. By reducing the operational burden of audits and enhancing the GRC function, Calendly has not only saved substantial time but has also positioned itself as a more trustworthy and efficient service provider. 

I strongly believe that there's no other tool out there that provides such a holistic view of the GRC function like Drata does.

Rishi Bhatia

Information Security - GRC, Security Operations

Resources for you
SOC 2 Points of Focus

Everything You Need to Know About the Revised Points of Focus for the SOC 2 Trust Services Criteria

List Shift Left Security

What is Shift Left Security and Why Should Businesses Incorporate It?

List 13 states with comprehensive privacy laws

These Are the 13 States With Comprehensive Consumer Privacy Protection Laws

Be a Part of the Best

Join the thousands of companies who trust Drata with their evolving compliance needs.