How Pilot Used SOC 2 to Prove Their Commitment to Security
Pilot helps companies hire anywhere. With Pilot, US-based businesses can easily take care of payroll, benefits, compliance and onboarding for remote teams, all in one secure platform. Pilot is a Y Combinator company.
The Value of SOC 2
Pilot’s solution focuses on distributed global payroll and HR operations. Ensuring that employees are paid the right amount of money at the right time is a very important job, and customers entrust us with sensitive, personal information in order to perform this function. We launched the company with security and privacy at the forefront for this very reason.
We saw SOC 2 as an opportunity to effectively prove out our comprehensive security program to customers and prospects. We had much of what we needed in place – now it was just a matter of going through the audit readiness process and filling in any gaps.
We compared Drata to a legacy player in the space when considering a compliance automation provider. What struck us from the very beginning was just how incredibly quick and responsive the team was. Obtaining SOC 2 was something we wanted to get done as soon as possible, and we felt confident that Drata had the team to help us get there. Considering our aggressive timeline, we also knew that we’d require a high level of support and accessibility. Between Drata’s customer support and our auditor partner, Schneider Downs, we received relevant help and expertise every step of the way.
Aside from the team, the product itself had a clean user interface and features like a personnel grid view and in-platform policy editor that really helped in removing complexity and confusion from the process.
The Audit Experience
From prep to audit to receiving the report, the total process took about two months for us. One month to get all of our controls in order, and another month for the auditor to do their job. Without Drata, we estimate that a manual process would have taken us around 4 times longer, or 8 months total.
Drata’s technology allowed us to take an easy, step-by-step approach that we found enormously helpful. Once our integrations were set up, the majority of our controls were monitored autonomously and continuously, allowing us to move forward with our audit quickly and confidently.
What’s Next for Pilot?
With our successful SOC 2 Type I in hand and Drata continuously monitoring our controls, it makes sense to roll right into SOC 2 Type II. Between Drata, our auditor partners, and Pilot’s strong commitment to security, we’ll continue to prioritize compliance and make it a central theme of how we do business.