How Emerge Got a Head Start on SOC 2 Compliance with Drata

The Challenge

While Emerge is a small-but-mighty team, we work with some heavy hitters where security is always top of mind. We knew they were expecting a SOC 2 report, so we decided as a team to start working toward compliance early on and avoid that hurdle in the future.

A New Journey

Even though our team is aware of general best practices for writing secure code and sound software development techniques, we were all pretty new to the world of SOC 2. We’ve implemented processes that are addressed in the SOC 2 Type 1 compliance framework – like turning on two factor authentication or having a firewall – but having validation that attests to those processes is a different ball game.

Using Drata

Drata made the compliance journey incredibly easy. Being able to quickly pull our policies from a centralized platform when requested immediately builds trust with our customers, and the policy templates eliminate the laborious task of having to write policies from scratch on our own. Automating evidence collection was another huge component that really eased our workload and allowed us to continue servicing our customers while Drata ran behind the scenes.

ROI

As a startup, the time we saved by using Drata also saved our ability to pursue multiple deals without a slowdown in business. Without the policy templates, we’d still be going through security reviews! And being able to onboard the rest of our team through security training ensures everyone contributes to our strong security posture.

What’s Next?

By working with Drata and achieving SOC 2 Type 1 compliance, we’ve set up a major advantage for Emerge as we continue to work with bigger and bigger companies. We’re striving to become an enterprise ourselves, and we know that a solid compliance program contributes to that type of growth.