How Drata Automates CareRev’s Path to SOC 2 Compliance

carerev-screenshot
About

CareRev is a marketplace technology that connects hospitals and health systems and local, vetted healthcare professionals on demand.

LocationLos Angeles, CA
IndustryHealthcare Workforce Management
Socials
A case of how policy templates and automated evidence collection illuminate the SOC 2 roadmap.

About CareRev

Hi, my name is Courtney Hans, I’m a Security Manager at CareRev. CareRev is a healthcare workforce management system. It provides professionals an incredibly flexible platform. We’re changing the model of healthcare.

The Challenge

SOC 2 compliance is really a growth strategy for us. It makes that conversation–that inevitable conversation–when we’re discussing a partnership with a healthcare facility go so much more smoothly.

It can be very challenging for any company to pursue their first SOC 2 compliance. It can be very daunting to just figure out from a project management perspective, from a company work strategy perspective, to figure out where do we start here.

Why Drata

We overcame those challenges by partnering with Drata… one of the first things they did was introduce us to our touchpoint at Drata, who had been through this before, had talked to many customers before, connected us with an incredible audit team, and really helped guide us on where to start.

The Experience

One of the most helpful things about the Drata platform was the organization it provided.

The Drata framework is laid out so there’s no guesswork around what the compliance pieces are. Everything is in there, it’s like a ready-to-go checklist. I made it very seamless and I also knew auditors that I was working with had worked with the platform as well so it was a very holistic project management system where they knew what I was working on, I knew what I needed to work on; the company was well-advised and well-equipped to provide the evidence that the auditors were going to need.

So it makes it very seamless, far more efficient than had I been doing it without the Drata platform, certainly with tons and tons of screenshots and evidence that I needed to collect for the auditors; it just kept me organized and tidy.

I’ve really enjoyed working with the Drata team and everyone’s been incredibly helpful and responsive – that’s one of the things I look for when looking for a vendor partner to help me manage my work and they’ve delivered in spades.

Resources for you
PCI Compliance Cost What It Takes to Become Certified

PCI DSS Compliance Cost: What It Takes to Become Certified

Cybersecurity Asset Management

Why Cybersecurity Asset Management Matters and How to Prioritize It

Drata Leadership Update

Drata Brings On New CRO and First-Ever COO to Fuel Hyper Growth

Be a Part of the Best

Join the thousands of companies who trust Drata with their evolving compliance needs.