How Tribe Establishes Community Trust With Drata’s Powerful Platform
Tribe is a modern and fully customizable community platform built with a collection of human interaction best practices to help businesses launch brand-led online communities.
Why SOC 2
As a company that provides customer community solutions to other SaaS, consumer online services, and e-commerce companies, it’s important to us that we follow industry best practices when it comes to security and compliance.
We pursued SOC 2 compliance because we wanted to ensure that Tribe provides a secure platform that prospects, customers, and partners can trust. Our company deals with a lot of customer data, and our customers rely on our community platform to keep their data safe. Because of this, our main concerns were protecting both our customers’ data and their customers’ data.
Being able to show proof of our security protocols to prospects during the sales process was another key factor in pursuing SOC 2. This would allow us to decrease our sales cycle and equip our company with more documentation of Tribe’s security practices.
Because Tribe is an SMB tech startup, our opportunity to achieve SOC 2 compliance with a trusted partner like Drata was huge for us. The innovation of Drata’s product stood out to our team when deciding to move forward with a compliance automation platform.
It was evident that the Drata team focuses their efforts on alleviating industry pain points for customers with their product. Drata integrates well with our current tech stack and helps us keep track of our internal infrastructure and ticketing system. Their ability to make the employee onboarding process seamless from a security perspective was another big selling point. Overall, Drata’s platform is a better fit for our company’s needs at a more affordable cost compared to other platforms on the market.
Tribe had the privilege of being an early customer of Drata, and it’s been fascinating to see all of the product improvements over time. Since the beginning, Drata has always prioritized product updates for their customers, so seeing new and updated features consistently get released over the last year has proven Drata to be a trustworthy partner.
While we initially thought becoming SOC 2 compliant would be a massive project, the Drata team put a lot of effort into ensuring success. Drata helped streamline many of our internal processes, especially prospective employee background checks during the onboarding process. The integration with our background check provider was seamless and saved us from having to manually upload many files of information.
Drata’s integrations with Google Workspace, AWS, Jira, GitHub, and their partnership with our HRIS provider have been super handy for our team. These integrations allow our internal information to be pulled automatically, alleviating a lot of work for our team and giving us the ability to focus our energy on in-house projects.
The Audit Process
Our case is unique because we’ve achieved both SOC 2 Type 1 and Type 2 compliance with Drata—which made both compliance efforts very straightforward.
For a company that didn’t have an extensive security background prior to this, Drata clearly laid out what SOC 2 compliance would mean for our business. We were given a complete list of all available compliance controls to pick those relevant to our security program. Knowing which controls were within our scope helped us set clear expectations and apply best practices for SOC 2 compliance. We then included controls in the scope of our SOC 2 parameters, which made expectations and best practices for this particular framework very clear.
Before using Drata, we considered going for SOC 2 on our own but realized the level of engagement required by our auditor would have taken a lot of time from our employees. The most significant value of Drata has been the amount of time our team has saved through continuous control and compliance monitoring.
Throughout the entire process, Drata’s platform made it easy for our auditor to get any information they needed to complete the audit. All of our documentation is in one centralized dashboard that we can easily share through the Auditor View. Now that our audits are complete, we rely on Drata to continuously monitor the state of our security posture and alert us to any failures.
We look at our security and compliance efforts as long-term, so our biggest return on investment has been Drata’s continuous compliance monitoring.
The control monitoring notifications on failed controls and necessary fixes have been game-changing. These notifications have also streamlined our internal processes and communication. At the end of the day, we know we can count on Drata to flag issues before they become a big mess and keep our best foot forward from a security perspective.
Receiving our clean SOC 2 Type 1 and Type 2 reports is just the beginning of what we’re looking to accomplish with Drata’s help. The Tribe team will continue the good work that we’ve put into becoming SOC 2 compliant and may look into additional compliance frameworks as our company and market grow.
We’ll be relying on Drata to build upon our current security program and look forward to upcoming partnerships and integrations with additional players in the security ecosystem. These initiatives will play a key role as Tribe continues to scale our security standings.