How Runway Propelled Its Business with SOC 2 Compliance

Asset Runway v2

Runway makes it easy for teams to coordinate their mobile app releases. The platform integrates with existing tools such as GitHub, Jira, Slack, and app stores to provide a live timeline of your mobile app’s release progress, handle communication of status and blockers to your team, and automate many manual steps along the way.

LocationNew York , NY
A case of a small team on the fast track to a strong security posture.

The Challenge

As an early-stage startup with deep integrations into its customers’ tech stack, Runway anticipated a surge in inquiries around its security posture. While individuals from our team were familiar with compliance, achieving SOC 2 was an entirely new experience for our company. We knew we needed SOC 2 compliance but didn’t know how or where to start.

The Experience

After being referred to Drata, it was clear this was the best platform to help us navigate the SOC 2 journey. Drata’s support team was incredibly reliable and dependable, and provided multiple channels of communication whenever we had questions about the process. Knowing there was a dedicated person available provided an invaluable level of comfort, especially for our first time with SOC 2. Drata’s portal served as our main hub to monitor our progress; the real-time status of our controls was easy to understand and gave us insight into how we’d further elevate our security posture in the future.

Drata’s agility was also critical in our smooth journey, adding new features and capabilities throughout the process that directly streamlined our own experience. Knowing the platform is quick to adapt to our needs gave us confidence in our ability to evolve together.

Key Takeaways

We first began this process thinking the compliance process was just part of the cost of doing business, but using Drata gave us an eye-opening view into how strong our security foundation was overall. And because compliance wasn’t in our wheelhouse, learning SOC 2 and communicating needs and tasks to the rest of the team allows us to establish a security-first mindset at Runway. We’re better off as a company understanding the ins and outs of SOC 2 compliance as we continue to grow, and Drata helped us to do just that.

What’s Next?

Enhancing our security posture with SOC 2 compliance makes a big difference in our growth trajectory. Now that we’ve obtained a clean SOC 2 Type 1 report, we’re excited to scale the business with Drata’s continuous monitoring features and stay on track with compliance. And having gone through the audit process with Drata’s help, we have the confidence to consider expanding to additional frameworks as our pipeline evolves with larger customers.

Could we have Googled our way into SOC 2 compliance? Sure, but that would have easily taken hundreds of hours in education and guesswork alone. Without Drata’s guidance, this process would have been a nightmare. More importantly, Drata’s automation provided a seamless SOC 2 experience and integrated into our existing initiatives - we never felt like we had to set aside company goals in order to become SOC 2 compliant.

Matt Varghese

Co-Founder, Runway

Resources for you
New Launches From Drataverse

New Launches From Drataverse: Chart Your Course

Highlights From Drataverse: Chart Your Course

Highlights From Drataverse: Chart Your Course

Image - SOC 2 penetration test list

Penetration Tests and SOC 2: Preference, Tradition, or Requirement?

Be a Part of the Best

Join the thousands of companies who trust Drata with their evolving compliance needs.