How Thnks Saves 100 Hours During ISO 27001 Certification

About Thnks

Thnks is combining gratitude and technology to help companies and individuals build and grow career relationships through expressions of gratitude.

Why ISO 27001 and SOC 2?

At Thnks, we want to live that spirit of continual security. It can sometimes be the tendency to pursue security and compliance best practices just for the certification or attestation—so it looks good to clients, rather than focusing on reducing risk overall.

We chose to pursue ISO 27001 and SOC 2 at the same time. Both are really valuable across the industry, but we wanted to be efficient with the audits and preparation. We saw the need to go from previous manual processes and get somewhere closer to more continual automation.

Key Benefits

The main benefit of Drata is the continual investment in security and security controls. Drata really encourages continual monitoring of systems, and they make it easy for us to connect to our cloud hosting provider, code repo or identity provider, and more. The Drata Platform also offers the continuous monitoring of those connections and brings visibility to the security controls we have in place. You can visually see the ISO controls that are mapped to Drata controls and their statuses.

What I also really like about using Drata is being able to use the API to upload evidence instead of manually clicking through some other piece of software—I could essentially automate uploading evidence with Drata.

ROI

The original implementation took about 200 hours through our manual processes based on templates and policies—and that was just preparing for the audit. With Drata, it dropped tremendously. It cut that time in half and we passed our audit with zero nonconformities.

Drata’s given us time back. But more importantly, it’s given me peace of mind in a way. Even though I don’t have 30 years of security experience, I can feel confident in knowing that we have a very solid security posture here at Thnks.