Why Superside Chose Drata to Tackle SOC 2 Compliance

Case Study Superside

Superside is an always-on design company that delivers great design at scale to Enterprise teams—from everyday production design work to large-scale strategic design solutions.

Location: Palo Alto
Industry: Design Services
A case of how Drata’s automation-led approach empowers companies to achieve SOC 2 quickly and easily.

Why SOC 2

Not only does Superside deliver design work to over 300 companies worldwide, our customers use our SaaS tool to continue working on those designs and ensure consistent quality. With our level of access to confidential data, we needed SOC 2 to show proof that we take the necessary steps to protect that information.

Why Drata

Being completely new to SOC 2, we were looking for a partner that could help us organize the process and simplify the steps we needed to take along the journey. We wanted to better understand the controls, policies, and framework as a whole. Drata has been helping us do that from the very start. The team has guided us from start to finish, from recognizing the current state of our security posture to identifying and working with our auditor partner, Schneider Downs.

The Experience

Drata’s team is incredibly responsive whenever we have questions; they truly have been our partner throughout the entire process. Beyond the team, the additional guidance we get from the platform, with features like policy templates, has been invaluable. Being able to integrate Drata with our tech stack in AWS and our workflows in GitLab, and having a blueprint for personnel onboarding, gives us a holistic view of our security program.


Drata has saved us a ton of time in terms of identifying what controls we need to fulfill and how to fulfill them. By automating and simplifying SOC 2 compliance, we’ve easily gained hundreds of hours back as a team that would have been spent just figuring out each step without making significant progress. Drata made the path to SOC 2 actionable.

What’s Next?

Having achieved SOC 2 Type 1 compliance, we’re going to pursue Type 2 next, having already executed much of the work with Drata. We’re taking the lessons we’ve learned from Type 1 and using them to scale and build out a team focused on security, auditing, and more to ensure we continue to uphold the best cybersecurity practices.

Initially, we were uncertain about the SOC 2 process, and didn’t know where to start. Having Drata as our compliance automation partner put us on the fast track to understanding the requirements and elevating our security posture. In automating the journey, we’re able to quickly achieve SOC 2 compliance without disrupting our flow of business. Drata makes compliance easy, no matter what level of expertise you have.

Tor Fusdahl

Engineering Manager, Superside
