DistillerSR Cut Audit Time by 90% and Improved Security Awareness 10% Year Over Year with Drata and KnowBe4

90%Fewer meetings during SOC 2

75%Fewer auditor requests

40%Fewer internal personnel involved

DistillerSR Cut Audit Time by 90% and Improved Security Awareness 10% Year Over Year with Drata and KnowBe4 thumbnail

Manual processes couldn’t scale with rapid growth and customer expectations

Before adopting Drata, DistillerSR relied on manual, disconnected spreadsheets to manage compliance across teams and systems. As the business scaled, this approach became increasingly inefficient and error-prone. Their audit process was time-consuming and required constant involvement from multiple teams. For a company serving highly regulated pharmaceutical and medical device clients, maintaining trust and delivering on compliance expectations had become a growing challenge—especially without centralized visibility or automation.

The Solution: Unifying compliance, automating audits, and scaling securely

DistillerSR needed a scalable way to manage their compliance as it supported requests from some of the world’s most regulated pharmaceutical and medical device companies. Manual spreadsheets and disconnected systems made it difficult to maintain agility and transparency across their compliance program, especially as the company scaled. Drata stood out by offering an integrated Governance, Risk Management, & Compliance (GRC) platform that could centralize their risk, vendor, and policy management—while seamlessly connecting with existing tools and infrastructure.

“Being able to centralize our compliance program and engage customers through the Trust Center has significantly streamlined our external engagements.”

Kelvin FungDirector of Compliance, DistillerSR

The intuitive UI and automation capabilities made adoption easy across teams. Trust Center and Audit Hub became powerful interfaces for engaging prospects and auditors, streamlining how external stakeholders accessed compliance documentation. Drata’s built-in support for frameworks like SOC 2, GDPR, and NIST AI gave DistillerSR confidence as it matured its program. The integration with KnowBe4 also streamlined security awareness training, with Drata’s continuous monitoring surfacing daily metrics and minimizing manual overhead.

With a compliance program aligned to business growth and customer engagement, Drata helped elevate compliance from a function of necessity to a strategic advantage.

“Drata helped us create a competitive moat, deepening our market differentiation by aligning our operations with an 'always on' continuous compliance program.”

Kelvin FungDirector of Compliance, DistillerSR

The Solution with KnowBe4: Building a Culture of Continuous Compliance Through KnowBe4 and Drata

As part of their broader compliance transformation, DistillerSR used Drata’s integration with KnowBe4 to strengthen employee training and promote a culture of continuous compliance. Initially, DistillerSR started with KnowBe4’s security awareness training to establish a baseline. They then expanded their program by implementing PhishER Plus, enabling more sophisticated phishing simulations and response processes. When DistillerSR adopted Drata, they immediately leveraged the KnowBe4 integration to unify security training data within their compliance monitoring workflows.

To support evolving regulatory needs, such as NIST AI RMF, DistillerSR extended their KnowBe4 training with AI-specific modules, ensuring employees were continuously prepared for new and emerging risks—all while seamlessly tracking everything through Drata.

DistillerSR’s goal was not just to meet compliance requirements, but to foster a proactive, learning-centered culture without overwhelming employees. When they initially rolled out PhishER Plus, training was annual. Realizing the opportunity to shift culture and reduce risk further, they pivoted to offering optional, bite-sized monthly trainings promoted during company town halls. Employees are incentivized through monthly prize draws: one entry for completing and passing a training, and a second entry if they successfully avoid phishing attempts during that month.

This positive reinforcement model helped normalize continuous training without causing fatigue, leading to a +10% year-over-year improvement in their phishing simulation pass rates. Kelvin Fung, alongside DistillerSR’sCISO Alan Charlton, co-manages and promotes this program internally, reflecting how compliance leadership is embedded in DistillerSR’s broader growth strategy.

Drata’s integration with KnowBe4 allowed DistillerSR to track training completion in real-time, maintain visibility into employee risk behaviors, and drive home the message that trust, security, and compliance are essential parts of the company’s DNA—not just administrative tasks.

The Results: DistillerSR slashed audit overhead and turned compliance into a growth driver

With Drata and the integration with KnowBe4, DistillerSR achieved measurable efficiency gains across the board. During their most recent SOC 2 audit, internal personnel involved dropped by 40%, auditor requests fell by 75%, and audit-related meetings were reduced by 90%. These time savings translated into significant cost reductions, with the audit itself completed at a fraction of previous costs.

The Trust Center became a cornerstone of their customer engagement strategy, with over 60% of customer interactions leveraging it—some even completing full audits through the platform. This shift allowed the compliance team to focus on proactive risk management and framework expansion, while Drata’s automation ensured accuracy and visibility without added lift.

“Being able to sync KnowBe4 with Drata gave us daily visibility into training completion, without manual overhead or extra intrusion.”

Kelvin FungDirector of Compliance, DistillerSR