How Clair Embraced Drata to Gain and Maintain SOC 2
Clair is a fintech company with a mission to get people access to their wages as soon as possible. Clair’s technology provides Instant Pay Access as a Service for human capital management and gig platforms, allowing workers to get paid daily.
Considering SOC 2
As a fintech company, protection of customer data is key to our success. We knew that data security and integrity had to be at the top of our priority list from day one. We saw compliance as an effective way to get started and help instill our employees throughout the company with a security driven mindset.
Some members of our team had completed the SOC 2 process in past roles, and were aware of its value as well as the enormous undertaking it took to complete manually. We had a small team with limited resources, but still wanted a white glove, high-touch level of service that could help support us throughout the process. We were hopeful that a compliance automation solution could allow us meet our goals without taking time away from the engineering team and derailing our product roadmap.
The Clair team evaluated a number of products in the space, and were ultimately sold on Drata’s high level of automation, user experience, industry expertise, and support staff. Drata was “the whole package”, and we were pleased to see the platform and team meet our high expectations throughout every stage of our SOC 2 journey.
We set ambitious goals for obtaining our SOC 2. The entire process was driven by one Clair employee who also had a number of other priorities on his plate. In total, we estimate that Drata saved us hundreds of hours and reduced the time it would have taken to do this manually end-to-end by well over 80%.
The lead employee on our SOC 2 project loved the “gamification” element of the Drata platform. Once all of our integrations were up and running, it took seconds to go into our dashboard and see when our program was meeting less than 100% compliance. Drata showed us precisely what was needed to get back to full compliance, allowing us to do that quickly and seamlessly. This type of user experience was enormously motivating and helped provide peace of mind.
The auditor view that Drata offers was another feature that really wowed us. It saved us many, many emails, meetings, and hours of coordination that it would have otherwise taken to work with our auditor partner. Our auditors were able to access our data, see how it mapped to the relevant controls, and provide feedback in a much more streamlined manner.
What’s Next for Clair?
Now that we’ve gained SOC 2 Type I, it makes perfect sense to move forward with Type II. Drata has allowed us to set up a foundation of continuous compliance that will become a standard part of our growing security program and posture.