Why VIVIO Health Banked on Automation for SOC 2 Type 2 Compliance

VIVIO Health

VIVIO is a specialty drug management company with a mission to use data to transform healthcare delivery while lowering costs.

LocationSan Leandro, CA
IndustryHealthcare Outcomes Management
A case of how Drata reduces the time and cost associated with compliance.

Why SOC 2

As a company in the healthcare space, we understand the importance of protecting our customer’s data and are always looking for ways to strengthen our security posture. We work primarily with large, self-insured employers who recognize SOC 2 compliance as a proof point for doing business. Aside from already being HIPAA compliant, we knew that if we were going to implement an audit standard, we should pursue a framework that our customers are familiar with and that shows an internal and external commitment to security. For us, that meant obtaining a SOC 2 Type 2 report.

The Challenge

We have a sophisticated architecture in a complex environment with many systems in which we manage compliance manually. While we had streamlined processes and predictability around maintaining it, we continuously asked ourselves:

  • Is there a better way to do this?

  • Is there an alternative that will save us time?

  • Is there a solution that can help reduce overall costs?

That led us to compliance automation.

Why Drata

While we’ve been SOC 2 compliant for many years, after researching various automation platforms, we knew we could use Drata to improve our efficiency, time- and cost-wise. The Drata team was engaged with us from the start, offering detailed insight into the overall process and ensuring the journey was as smooth as possible.

In addition, we were thrilled with the level of automation the Drata platform provides. From minimizing the burden of evidence collection to streamlining employee security training, Drata alleviated much of the managing component of compliance that we were so used to doing manually.


Drata easily saved us at least 50% of our time from a process perspective by automating the path to SOC 2 Type 2 compliance. Beyond time, Drata also helped us reduce our audit expenses – we used an audit partner within Drata’s auditor community, which led to a more cost-effective audit. Overall, going with Drata significantly impacted our operational expenses and turned the implementation experience into a net positive.

What’s Next?

Achieving automation of SOC 2 Type 2 compliance is another critical piece to our security program that we’re constantly evolving. With SOC 2 compliance now automated, we have extra cycles to focus on our goal of bridging the gap between clinical trial data and actual patient outcomes.

Coming from a security background, we knew SOC 2 Type 2 compliance was important to maintain, but we were at a fork in the road between continuing to manage the process manually or betting on automation. In doing the latter with Drata, we saved valuable time and money in maintaining compliance, giving us more time to focus on life-saving issues. In short, Drata made our lives simpler.

Pramod John


Resources for you
Image - Andy joins drata list

Meet Andy Bryars: Director of Customer Success Group in EMEA

Image - Drataverse Tony Hawk List

Drata Announces Tony Hawk As Drataverse Keynote Speaker

Image - Drataverse '24 Agenda Preview

GRC Growth: Sneak Peek Into the Drataverse ‘24 Agenda

Be a Part of the Best

Join the thousands of companies who trust Drata with their evolving compliance needs.