Why VIVIO Health Banked on Automation for SOC 2 Type 2 Compliance
VIVIO is a specialty drug management company with a mission to use data to transform healthcare delivery while lowering costs.
Why SOC 2
As a company in the healthcare space, we understand the importance of protecting our customers’ data and are always looking for ways to strengthen our security posture. We work primarily with large, self-insured employers who recognize SOC 2 compliance as a proof point for doing business. Aside from already being HIPAA compliant, we knew that if we were going to implement an audit standard, we should pursue a framework that our customers are familiar with and that shows an internal and external commitment to security. For us, that meant obtaining a SOC 2 Type 2 report.
We have a sophisticated architecture in a complex environment with many systems in which we manage compliance manually. While we had streamlined processes and predictability around maintaining it, we continuously asked ourselves:
Is there a better way to do this?
Is there an alternative that will save us time?
Is there a solution that can help reduce overall costs?
That led us to compliance automation.
While we’ve been SOC 2 compliant for many years, after researching various automation platforms, we knew we could use Drata to improve our efficiency, time- and cost-wise. The Drata team was engaged with us from the start, offering detailed insight into the overall process and ensuring the journey was as smooth as possible.
In addition, we were thrilled with the level of automation the Drata platform provides. From minimizing the burden of evidence collection to streamlining employee security training, Drata alleviated much of the managing component of compliance that we were so used to doing manually.
Drata easily saved us at least 50% of our time from a process perspective by automating the path to SOC 2 Type 2 compliance. Beyond time, Drata also helped us reduce our audit expenses – we used an audit partner within Drata’s auditor community, which led to a more cost-effective audit. Overall, going with Drata significantly impacted our operational expenses and turned the implementation experience into a net positive.
Achieving automation of SOC 2 Type 2 compliance is another critical piece of our security program, which we’re constantly evolving. With SOC 2 compliance now automated, we have extra cycles to focus on our goal of bridging the gap between clinical trial data and actual patient outcomes.