Why Lumiio Chose Drata to Earn and Maintain Stakeholder Trust
Lumiio specializes in disruptive digital health technology and real-world data collection services to empower health communities and improve quality of life.
Path to SOC 2
Because Lumiio focuses on real-world digital health data collection, we knew data protection and cybersecurity were foundational elements upon which the trust of our stakeholders is earned and maintained. We pursued SOC 2 Type 1 compliance as tangible validation of our corporate values and continued commitment to ensuring the highest levels of cybersecurity for our stakeholders, processes, and technologies.
After reviewing several platforms, we concluded that Drata was the best fit due to its focus on controls automation and reporting. The expansive list of integrations Drata has with other cloud-based software was also a deciding factor. We knew Drata’s out-of-the-box policies and controls that were mapped to Trust Services Criteria would significantly expedite efforts to configure and demonstrate evidence and requirements of SOC 2.
We’ve had a very positive experience with Drata. The team displayed great support throughout the SOC 2 Type 1 journey, answering any questions that arose on a timely basis. Drata has been a great partner in building best-in-class security frameworks, empowering us to serve our clients with a demonstrated focus on information security and data protection.
With Drata, we achieved SOC 2 Type 1 compliance in two months from start to finish, including audit time. Without Drata, this process would have taken 12-18 months with significantly more internal resources dedicated to manually collecting information compared to configuring connections, controls, and policies on the front end. Overall, we estimate we saved approximately 85% of our time and application on achieving SOC 2 Type 1 compliance with Drata, with just 50% of the cost of internal and third-party resources necessary to maintain compliance.
Becoming SOC 2 Type 1 compliant with Drata reaffirms our commitment to best-in-class information cybersecurity. We’ll continue providing our stakeholders with the highest degree of privacy and building our robust operational model to meet and exceed the SOC 2 requirements for data protection.