Why Superside Chose Drata to Tackle SOC 2 Compliance
Superside is an always-on design company that delivers great design at scale to Enterprise teams—from everyday production design work to large-scale strategic design solutions.
Why SOC 2
Not only does Superside deliver design work to over 300 companies worldwide, our customers use our SaaS tool to continue working on those designs and ensure consistent quality. With our level of access to confidential data, we needed SOC 2 to show proof that we take the necessary steps to protect that information.
Being completely new to SOC 2, we were looking for a partner that could help us organize the process and simplify the steps we needed to take along the journey. We wanted to better understand the controls, policies, and framework as a whole. Drata has been helping us do that from the very start. The team has guided us from start to finish, from recognizing the current state of our security posture to identifying and working with our auditor partner, Schneider Downs.
Drata’s team is incredibly responsive whenever we have questions; they truly have been our partner throughout the entire process. Beyond the team, the additional guidance we get from the platform, with features like policy templates, has been invaluable. Being able to integrate Drata with our tech stack in AWS and our workflows in GitLab, and having a blueprint for personnel onboarding, gives us a holistic view of our security program.
Drata has saved us a ton of time in terms of identifying what controls we need to fulfill and how to fulfill them. By automating and simplifying SOC 2 compliance, we’ve easily gained hundreds of hours back as a team that would have been spent just figuring out each step without making significant progress. Drata made the path to SOC 2 actionable.
Having achieved SOC 2 Type 1 compliance, we’re going to pursue Type 2 next, having already executed much of the work with Drata. We’re taking the lessons we’ve learned from Type 1 and using them to scale and build out a team focused on security, auditing, and more to ensure we continue to uphold the best cybersecurity practices.