How Thnks Saves 100 Hours During ISO 27001 Certification
Thnks is leveraging technology and the science of gratitude to help establish and build strong relationships for the modern world through efficient, personalized, and thoughtful appreciation.
Thnks is combining gratitude and technology to help companies and individuals build and grow career relationships through expressions of gratitude.
Why ISO 27001 and SOC 2?
At Thnks, we want to live that spirit of continual security. It can sometimes be the tendency to pursue security and compliance best practices just for the certification or attestation—so it looks good to clients, rather than focusing on reducing risk overall.
We chose to pursue ISO 27001 and SOC 2 at the same time. Both are really valuable across the industry, but we wanted to be efficient with the audits and preparation. We saw the need to go from previous manual processes and get somewhere closer to more continual automation.
The main benefit of Drata is the continual investment in security and security controls. Drata really encourages continual monitoring of systems, and they make it easy for us to connect to our cloud hosting provider, code repo or identity provider, and more. The Drata Platform also offers the continuous monitoring of those connections and brings visibility to the security controls we have in place. You can visually see the ISO controls that are mapped to Drata controls and their statuses.
What I also really like about using Drata is being able to use the API to upload evidence instead of manually clicking through some other piece of software—I could essentially automate uploading evidence with Drata.
The original implementation took about 200 hours through our manual processes based on templates and policies—and that was just preparing for the audit. With Drata, it dropped tremendously. It cut that time in half and we passed our audit with zero nonconformities.
Drata’s given us time back. But more importantly, it’s given me peace of mind in a way. Even though I don’t have 30 years of security experience, I can feel confident in knowing that we have a very solid security posture here at Thnks.