Drata Saves PolicyDock 6 Months and Empowers Their Lean Team to Focus on the Core of the Business
PolicyDock digitizes and automates insurance workflows, and reduces the time to launch insurance products online. PolicyDock’s turnkey solution creates a seamless integrated and managed online service (with web portal and API access) for any insurance product in less than three days.
PolicyDock is dedicated to making modern insurance easy. We believe that every part of the insurance journey should be modern, API driven, and cloud driven.
Pursuing SOC 2
Privacy and security are not things that you can add as an afterthought. They’re things that you have to build as part of the core of a system, which is why we decided to pursue SOC 2. To accomplish all of our goals around SOC 2, I quickly realized it was going to become a full-time job for myself and other folks on the team as well.
Our auditor mentioned various tools that other clients had used that had helped them out before. They told me, “Drata is the future of this industry,” so I decided to give Drata a shot.
We use Drata’s continuous monitoring to stay on top of all of our evidence gathering and processes. We have a lean, agile team and we need to get everything we can out of every hour of our work—and Drata helps us do that.
A big benefit of working with Drata is the centralization of notifications and the automated evidence gathering. Having everything in one place is super helpful in keeping organized. Then being able to integrate with our cloud provider and our version control made everything just a lot simpler and saved tons of time for us.
Another feature I really appreciate about Drata is that they follow the principle of least access. Anytime I’m integrating with a third party, I immediately ask, “what kind of surface am I exposing to vulnerability?” Drata takes very seriously limiting the amount of data and access they need in the various automated integrations they offer.
Using Drata has effectively saved us six months in the SOC 2 audit process, which is huge for a team that’s trying to ship new features all the time. It would’ve been a lot of work had we not had a system to centrally coordinate and automate our evidence gathering.