Why Lumiio Chose Drata to Earn and Maintain Stakeholder Trust


Lumiio specializes in disruptive digital health technology and real-world data collection services to empower health communities and improve quality of life.

Location: Calgary, Alberta
Industry: Digital Health
A case of how automation can save on resources and compliance costs while enhancing security programs.

Path to SOC 2

Because Lumiio focuses on real-world digital health data collection, we knew data protection and cybersecurity were foundational elements upon which the trust of our stakeholders is earned and maintained. We pursued SOC 2 Type 1 compliance as tangible validation of our corporate values and continued commitment to ensuring the highest levels of cybersecurity for our stakeholders, processes, and technologies.

Why Drata

After reviewing several platforms, we concluded that Drata was the best fit due to its focus on controls automation and reporting. The expansive list of integrations Drata has with other cloud-based software was also a deciding factor. We knew Drata’s out-of-the-box policies and controls that were mapped to Trust Services Criteria would significantly expedite efforts to configure and demonstrate evidence and requirements of SOC 2.

The Experience

We’ve had a very positive experience with Drata. The team displayed great support throughout the SOC 2 Type 1 journey, answering any questions that arose on a timely basis. Drata has been a great partner in building best-in-class security frameworks, empowering us to serve our clients with a demonstrated focus on information security and data protection.


With Drata, we achieved SOC 2 Type 1 compliance in two months from start to finish, including audit time. Without Drata, this process would have taken 12-18 months with significantly more internal resources dedicated to manually collecting information compared to configuring connections, controls, and policies on the front end. Overall, we estimate we saved approximately 85% of our time and application on achieving SOC 2 Type 1 compliance with Drata, with just 50% of the cost of internal and third-party resources necessary to maintain compliance.

What’s Next?

Becoming SOC 2 Type 1 compliant with Drata reaffirms our commitment to best-in-class information cybersecurity. We’ll continue providing our stakeholders with the highest degree of privacy and building our robust operational model to meet and exceed the SOC 2 requirements for data protection.

Achieving our SOC 2 Type 1 with Drata is a testament to our corporate values and continued commitment to ensuring the highest levels of cybersecurity for our stakeholders, processes and technologies. Our current and future partners can have the confidence to know that we prioritize cybersecurity and have built a robust operational model to meet & exceed the SOC 2 requirements for cybersecurity.

Blaine Penny

CEO, Lumiio
