Drata Resource Center

CASE STUDY

How Tribe Establishes Community Trust With Drata’s Powerful Platform

The value Drata provides from onboarding to the audit, and beyond

CASE STUDY

How Lemonade Saved 80% of Time Using Drata’s Continuous Compliance Automation

How automated evidence collection and customizable control mapping streamlines Lemonade’s compliance success.

CASE STUDY

How Drata’s Automation-Focused Approach Empowered Chargify to Pursue SOC 2 Success

A case of how the right platform can make achieving security best practices hassle-free

CASE STUDY

How Achieving SOC 2 Type 1 Compliance Sets Orchestry Apart From Their Competitors

A case on why Drata is the go-to partner for security and compliance needs

CASE STUDY

Leaning on Automation to Expedite Security Questionnaires and Establish Customer Trust

A case of how APL nextED uses Drata’s platform to generate immediate value

CASE STUDY

Why Superside Chose Drata to Tackle SOC 2 Compliance

A case of how Drata’s automation-led approach empowers companies to achieve SOC 2 quickly and easily

CASE STUDY

How SOC 2 Establishes Trust and Competitive Advantage in the InsurTech Market

A case of how Micruity tapped Drata to automate SOC 2 compliance and shorten sales cycles

CASE STUDY

Why Ark Chose Drata as the Guide to SOC 2 Success

A case of how Drata simplifies and accelerates the path to compliance

CASE STUDY

How Drata Automates CareRev’s Path to SOC 2 Compliance

A case of how policy templates and automated evidence collection illuminate the SOC 2 roadmap

CASE STUDY

How Drata Empowers Katalon with Real-Time Visibility on Its Way to SOC 2 Compliance

A case of how the path to SOC 2 is just as important as receiving the attestation report

CASE STUDY

Using SOC 2 Compliance to Lead the NHD Market

A case of how SOC 2 compliance keeps SnapNHD’s business growing

CASE STUDY

How Drata Helps Rebrandly Continue its Growth Trajectory

A case of how Drata’s automation paves a smooth and efficient path along the SOC 2 journey

CASE STUDY

Why VIVIO Health Banked on Automation for SOC 2 Type 2 Compliance

A case of how Drata reduces the time and cost associated with compliance

CASE STUDY

Why Immediation Chose Drata for ISO 27001 Certification

A case of how an intuitive platform can expedite the compliance journey

CASE STUDY

How Drata Helped Bramble Understand and Achieve SOC 2 Compliance

A case of a startup achieving compliance to ensure scalability

CASE STUDY

Why Lumiio Chose Drata to Earn and Maintain Stakeholder Trust

A case of how automation can save on resources and compliance costs while enhancing security programs

CASE STUDY

How SOC 2 Compliance Sets Weld Up for Long-Term Success

A case of investing in compliance early for a smoother journey

CASE STUDY

How Emerge Got a Head Start on SOC 2 Compliance with Drata

A case of why compliance is a must when dealing with enterprise customers.

CASE STUDY

How Chameleon Leveled-Up Their Security Program with SOC 2 Type 2 Compliance

A case of building confidence in processes, tooling, and evidence required for standing up a strong security posture. Learn how Chameleon…

CASE STUDY

How Runway Propelled Its Business with SOC 2 Compliance

A case of a small team on the fast track to a strong security posture. Runway makes it easy for teams to coordinate their mobile app releases.

CASE STUDY

How Axero Solutions Achieved SOC 2 Compliance in Record Time

A case of an intranet software company using Drata to augment their compliance program

CASE STUDY

Why HeadsUp Pivoted to Drata from a Legacy Player to Achieve SOC 2 Type 2

A case of how Drata’s continuous monitoring eased the heavy lift of evidence collection for a new company

CASE STUDY

How Trust & Will Prioritized Security While Doubling in Size

A case of doing right by your customers and their data, even with competing priorities and massive growth

CASE STUDY

Why Ariglad Chose Drata to Achieve SOC 2 Type 2 and Reach New Customers

A case of Drata’s all-in-one platform serving as the perfect solution for a user-friendly compliance journey

CASE STUDY

How Air Used Compliance Automation to Sell to Enterprise

A case of an early-stage company being committed, resourceful, and open to wearing many hats in order to successfully meet SOC 2

CASE STUDY

How Pilot Used SOC 2 to Prove Their Commitment to Security

A case of a company obtaining compliance 4x faster by working with an automation solution

CASE STUDY

How Pequity’s Partnership Approach Helped Ensure Successful SOC 2 Compliance

A case of working closely with Drata’s customer support team to achieve SOC 2 and kickstart company security efforts

CASE STUDY

How Clair Embraced Drata to Gain and Maintain SOC 2

A case of leveraging a Drata’s features, functionality, and customer support to quickly and efficiently receive a SOC 2 report

CASE STUDY

How FinTech Company Zūm Rails Quickly Obtained SOC 2

A case of a financial SaaS copmany using Drata to preemptively focus on continuous compliance in order to meet high stakes industry demands

CASE STUDY

How Demoflow Used Drata to Get Enterprise-Ready Quickly

A case of founders who know a thing or two about risk, and who understand the importance of mitigating risk for their customers

CASE STUDY

How Iteratively Got Their SOC 2 Fast with Drata

A case of how starting early with SOC 2 can ensure things are set up to scale securely from day one

BLOG ARTICLE

Managing Compliance and Risk in One Location with Drata

The days of managing risks in spreadsheets are over. Drata’s Risk Management Solution manages compliance and risk in one location.

BLOG ARTICLE

SaaStr Annual 2022 – Fall Favorites are on the Horizon

Drata’s latest product updates include engaging security training, a dynamic personnel view for users, and two additional integrations.

BLOG ARTICLE

July Product Releases: Custom Frameworks, Automated Tests to Any Control, and SOX ITGC

Drata’s latest product updates include engaging security training, a dynamic personnel view for users, and two additional integrations.

BLOG ARTICLE

What is IT Risk Management? + Why It Matters

It’s important to be proactive about IT risk management. Read our guide and understand what it entails and why you need it.

BLOG ARTICLE

HIP, HIPAA, HOORAY! Drata is Now HIPAA Compliant

Drata is now compliant with HIPAA, the federal law for patient health protection in the U.S. Read how and why our team prioritized HIPAA.

BLOG ARTICLE

ISO 27001 Checklist: 6 Easy Steps to Get Started

Even if you understand why you should be certified, you may not know how to get started. Consider this post your ISO 27001 checklist.

BLOG ARTICLE

Introducing Custom Frameworks + Mapping Automated Tests to Any Control

We’re excited to launch Custom Frameworks and the ability to map our automated tests to any control, even custom controls.

BLOG ARTICLE

Beginner’s Guide to Third-Party Risk Management

Third-party risk management brings your external risks under control and lets you address security, financial, legal, and compliance risks.

BLOG ARTICLE

Containers and Kubernetes: Why DevSecOps is Critical to Success

While containerization is certainly not without risks, the path towards a more secure environment starts with DevSecOps on day one.

BLOG ARTICLE

4 Common Misconceptions About Auditors

There are a number of misconceptions made every day about the auditing process and auditors themselves. We’ve dispelled the most common here.

BLOG ARTICLE

6 Types of Risk Assessment Methodologies + How to Choose

Information risks are everywhere, but which ones matter most? Choosing the right risk assessment methodology can help you prioritize.

BLOG ARTICLE

Budgeting for ISO 27001: How Much Does Certification Cost?

Considering ISO 27001? Learn what you need to know about ISO 27001 certification costs and how they may vary for your organization.

BLOG ARTICLE

Debunking the Top 5 GDPR Myths and Misconceptions

With GDPR being a more recent law, there are some misconceptions about who it applies to and how it affects companies around the globe.

BLOG ARTICLE

ISO 27001: How to Write a Statement of Applicability

You need a Statement of Applicability for an ISO 27001 certification. Here’s a quick guide to make the process as stress-free as possible.

BLOG ARTICLE

What Does Trust Mean? Three Drata Customers Answer

SOC 2 compliance means having controls in place to meet industry standards for security, privacy, availability, processing integrity, and confidentiality. Here’s everything you need to know…

BLOG ARTICLE

ISO 27001: A Beginner’s Guide

Get an overview of what ISO 27001 is, why it’s important, best practices to help you achieve certification for your organization, and more.

BLOG ARTICLE

SOC 2 Compliance: A Beginner’s Guide

SOC 2 compliance means having controls in place to meet industry standards for security, privacy, availability, processing integrity, and confidentiality. Here’s everything you need to know…

BLOG ARTICLE

May Product Releases: Policy Center 2.0 & AWS Virtual Assets

Drata’s latest product updates include engaging security training, a dynamic personnel view for users, and two additional integrations.

BLOG ARTICLE

What is Vulnerability Scanning? + Frequently Asked Questions

Vulnerability scanning is a key control within most security frameworks. Here’s everything you need to know about vulnerability scanning.

BLOG ARTICLE

SOC 2 Compliance Automation Software: Everything You Need to Know

What is SOC 2 automation software and why do you need it? Companies today are putting SOC 2 on autopilot. Here’s how they’re doing it.

BLOG ARTICLE

Introducing Trust Center: Earning Trust Just Got Easier

Use your security posture to build trust and expedite the sales process with Drata’s Trust Center. Keep reading to learn how.

BLOG ARTICLE

4 Things We’re Looking Forward to at RSA 

Drata will be joining RSA in person this year. Visit us at booth 6372 in Moscone’s North Expo to check out Drata and get some cool swag.

BLOG ARTICLE

Penetration Testing vs. Vulnerability Scanning: What’s the Difference?

Learn the differences between vulnerability scanning and penetration testing to make the best choice for your organization’s needs.

BLOG ARTICLE

New Frameworks: CCPA, ISO 27701, & More

We’ve added frameworks to the Drata platform including CCPA, ISO 27701, Microsoft SSPA, NIST CSF, NIST 800-171, NIST 800-53, CMMC, and FFIEC.

BLOG ARTICLE

​​Budgeting for SOC 2: How Much Does a SOC 2 Audit Cost?

Going for SOC 2? Find out what a SOC 2 audit costs, what influences the total, and what you can expect in terms of time and resources spent.

BLOG ARTICLE

What is Red Teaming? + Why You May Need It

Red teaming helps companies identify vulnerabilities and guide improvements of their security and compliance programs.

BLOG ARTICLE

CCPA Compliance 101: Everything You Need to Know

Is your business CCPA and CPRA compliant? Learn everything you need to know about CCPA compliance with this guide.

BLOG ARTICLE

April Product Releases: A New Framework View & Multiple Personnel Devices

Drata’s latest product updates include engaging security training, a dynamic personnel view for users, and two additional integrations.

BLOG ARTICLE

Drata Welcomes New VP of People: Jonathan Akhavan

Former Looker and Google leader, Simanta Chakraborty, joins as VP of Sales. Read about his past roles and his goals for Drata’s Sales Team.

BLOG ARTICLE

Breaking Down Security Controls: A Bite-Sized Guide

Get the information you need to understand what security controls are and what they mean for your organization under different frameworks.

BLOG ARTICLE

GDPR vs. CCPA: Key Differences and Similarities

How is California’s Consumer Privacy Act different from Europe’s GDPR? Keep reading for a breakdown of key differences and similarities.

BLOG ARTICLE

Drata Welcomes VP of Business Development: Kevin Kriebel

Former Looker and Google leader, Simanta Chakraborty, joins as VP of Sales. Read about his past roles and his goals for Drata’s Sales Team.

BLOG ARTICLE

Our Path to ISO 27001

We’re excited to announce our ISO 27001 certification. Read about what our process looked like and key learnings your team may find useful.

BLOG ARTICLE

March Product Releases: From Bulk Actions to Curricula Training

Drata’s latest product updates include engaging security training, a dynamic personnel view for users, and two additional integrations.

BLOG ARTICLE

SOC 2 Compliance Checklist: 9 Steps to Take Before Your Audit

This easy-to-follow SOC 2 compliance checklist will help your organization prepare for and maximize the chance of passing an audit.

BLOG ARTICLE

What is Security Posture? How to Assess and Improve it Across Your Organization

This easy-to-follow SOC 2 compliance checklist will help your organization prepare for and maximize the chance of passing an audit.

BLOG ARTICLE

Drata Welcomes New Director of Compliance: Alev Viggio

Former Looker and Google leader, Simanta Chakraborty, joins as VP of Sales. Read about his past roles and his goals for Drata’s Sales Team.

BLOG ARTICLE

Drata Rated Leader in Spring 2022 G2 Reports

This easy-to-follow SOC 2 compliance checklist will help your organization prepare for and maximize the chance of passing an audit.

BLOG ARTICLE

Ask an Auditor: February Recap

Compliance doesn’t have to be complicated. The compliance team at Drata is here to help you with our Ask an Auditor series.

BLOG ARTICLE

You’re GDPR Compliant: Now What? 6 Strategies to Maintain Compliance

GDPR compliance isn’t a final destination—protecting customer personal information is an ongoing task, here are a few ways to maintain GDPR.

BLOG ARTICLE

Integration: SOC 2 Security Awareness Training with Curricula

Our newest integration is here: SOC 2 security awareness training with Curricula. Meet your requirements while making training fun for your team.

BLOG ARTICLE

February Product Releases: From Multiple MDMs to Internal Control Notes

Check out our latest product launches and updates. From connecting multiple MDMs to auditor view updates, you’ll enjoy using Drata even more.

BLOG ARTICLE

Introducing Automated Continuous Monitoring of GDPR Compliance

We’re excited to announce the addition of GDPR to Drata’s automated platform. Use Drata to simplify and maintain GDPR compliance.

BLOG ARTICLE

Security & Compliance: Key Differences + How They Work Together

Security and compliance aren’t interchangeable concepts. Learn what you need to know about the key differences and how they work together.

BLOG ARTICLE

8+ Resources for Black Professionals in Security & Compliance

Use these resources for Black professionals in security, compliance, and privacy to start or further develop your career and connections.

BLOG ARTICLE

Choosing the Right PCI SAQ for Your Business

There are eight different types of PCI self-assessment questionnaires. Which one is right for your organization?

BLOG ARTICLE

What is Data Classification?

Data classification is critical for data protection and security. Learn its ins and outs and its role in privacy programs.

BLOG ARTICLE

Continuous Security Monitoring with Drata + Kandji

Our partnership with Kandji extends Mac monitoring capabilities by enabling our platform to pull data directly from Kandji via API.

BLOG ARTICLE

7 Tips to Manage Data Privacy With a Lean Team

Many organizations rely on one or two people for all data privacy responsibilities. Here are seven tips on prioritizing your initiatives.

BLOG ARTICLE

26 Data Privacy Statistics to Keep in Mind When Updating Your Program

Consumer sentiments, policies, and practices around data privacy are always changing. For a quick snapshot, here are a few recent statistics.

BLOG ARTICLE

Drata Welcomes Former Looker and Google Leader: Simanta Chakraborty

Former Looker and Google leader, Simanta Chakraborty, joins as VP of Sales. Read about his past roles and his goals for Drata’s Sales Team.

BLOG ARTICLE

Introducing Automated PCI DSS Compliance

We’re excited to announce Drata’s new framework—PCI DSS. If you accept, process, store, or transmit credit card information, PCI compliance is required.

BLOG ARTICLE

What is a HIPAA Violation? + Common Mistakes and Fines

Are you HIPAA compliant? Get the answers you need to stay in compliance and avoid the consequences of failing to follow HIPAA standards.

BLOG ARTICLE

3 Reasons Why Startups Need SOC 2

SOC 2 compliance acts as a critical building block to a strong security posture and can positively shape a startup’s long-term trajectory.

BLOG ARTICLE

Drata’s 2021 Year in Review

Last week marked six months since launching Drata out of stealth, and today we’re proud to announce our $25M Series A round led by GGV…

BLOG ARTICLE

SOC 2 Audits: What Your Organization Can Expect From Start to Finish

First time going through a SOC 2 audit? Here’s what you can expect throughout the process from start to finish.

BLOG ARTICLE

Introducing Automated HIPAA Compliance

Drata releases its third framework in less than a year, helping automate HIPAA compliance and secure critical health information

BLOG ARTICLE

Drata Named a Leader in Three G2 Winter 2022 Grid Reports

Rated highly by G2 users, Drata is also #1 in the G2 Relationship Index for Cloud Compliance and Cloud Security.

BLOG ARTICLE

7 Myths about SOC 2 Compliance

There are still many questions around the process and purpose behind SOC 2. Let’s break it down by going over a few common myths.

BLOG ARTICLE

How to Choose the Right SOC 2 Audit Firm

When and how should you choose an audit firm for your SOC 2 audit? Our professional auditor has the answers.

BLOG ARTICLE

Integration: Drata App Approved by Okta

With Drata’s new integration with Okta, customers will be able to use Okta as their identity provider (iDP).

BLOG ARTICLE

How ClickUp and Drata Help Streamline SOC 2 Compliance

With the proliferation of cloud platforms, the exposure to online threats such as phishing, data theft, and risk continues to rise. So, how vulnerable to a cyber attack is your business?

BLOG ARTICLE

Drata Among Founding Supporters of Open Finance Data Security Standard (OFDSS)

To protect customer data, the fintech ecosystem is rallying around a new data security standard—Open Finance Data Security Standard (OFDSS).

BLOG ARTICLE

Drata Reaches Unicorn Status with $100M in Series B Funding

Less than 10 months out of stealth, Drata is among the fastest SaaS companies ever to reach a $1 billion valuation.

BLOG ARTICLE

Drata on its $100M Series B Led by ICONIQ Growth

Drata becomes one of the fastest SaaS companies ever to reach $1 billion valuation. Read what’s in store for the future of Drata.

BLOG ARTICLE

SOC 2+ HIPAA: What You Need to Know

What is SOC 2+ and do you need it? How does it stack up against HIPAA? An expert auditor weighs in on key differences and how to get started.

BLOG ARTICLE

HIPAA Compliance: a Beginner’s Guide

What is HIPAA compliance? How can you get started? And how much overlap does it have with SOC 2? Here are some answers.

BLOG ARTICLE

Score Your Company’s SOC 2 Readiness

Is your company ready to accelerate its SOC 2 Readiness? Use Drata’s dynamic readiness checklist to score your SOC 2 readiness level and understand what getting your SOC 2 report entails…

BLOG ARTICLE

SOC 2 Type 2: A Beginner’s Guide

Everything you need to know about SOC 2 type 2 reports—from what they are to some best practices to get ready for yours.

BLOG ARTICLE

SOC 2 Audit Exceptions: What Are They and How to Avoid Them

You’re getting ready for your first SOC 2 audit. You’ve got your controls in place and have selected an audit firm to partner with. Now, it’s time for your observation period—and you’re concerned about exceptions.

BLOG ARTICLE

Silicon Valley CISO Investments: Supporting Security Startups Through an Expert Lens

The role of a company’s Chief Information Security Officer has evolved over the past few years…to put it lightly…

BLOG ARTICLE

The Beginner’s Guide to SOC 2 Criteria and the Controls you Need in Place to Satisfy those Criteria

What is a SOC 2 criteria or requirement? What is a control and which ones do we need to implement? Learn from Drata experts on how to design and implement the right controls to satisfy the SOC 2 requirements and ace your audit…

BLOG ARTICLE

Drata Raises $25M Series A Led by GGV Capital to Support Rapid Growth of its Next-Gen Compliance Automation Platform

Last week marked six months since launching Drata out of stealth, and today we’re proud to announce our $25M Series A round led by GGV…

BLOG ARTICLE

SOC 2 vs. ISO 27001: Compare Two of Today’s Most Common Security Frameworks

It’s no surprise that security frameworks like SOC 2 and certifications like ISO 27001 are becoming ever more important for any company that handles customer data (which is most of us these days), but what’s the difference…

BLOG ARTICLE

The Top 9 Mistakes Companies Make With SOC 2 Compliance

We asked Troy Fine, an experienced SOC 2 auditor and senior manager at Schneider Downs, about the most common mistakes he sees companies make before and during their SOC 2 audit…

BLOG ARTICLE

What is a SOC 2 Report & Does My Company Need One?

A SOC 2 report is a CPA-certified attestation that your company meets security standards. Here’s what that means and why it matters…

BLOG ARTICLE

SOC 2 Guide: 7 Pro Tips to Streamline Your SOC 2

The 7 things SaaS companies can do to get SOC 2 audit-ready in as little as 2 weeks. Embarking on a SOC 2 process can be overwhelming. Typically when SOC 2 becomes a priority, it’s something you needed yesterday…

BLOG ARTICLE

Drata raises $3.2M from Cowboy Ventures, Leaders Fund, SV Angel, and Prominent Angels to Automate SOC 2

My team and I are thrilled to introduce Drata to the world, and announce our $3.2M seed round led by Cowboy Ventures with participation from…

BLOG ARTICLE

Answers to the 7 Most Frequently Asked Questions About SOC 2

SOC 2 reports provide information about how effectively a service provider manages the security, privacy, and integrity of sensitive…

BLOG ARTICLE

5 Reasons Why You Do Not Need a SOC 2 Report

You’ll find plenty of content online regarding the benefits of SOC 2, but here’s the truth about why you don’t need to worry about it…

BLOG ARTICLE

Earning the Trust of Your Customers and Prospects with SOC 2

A SOC 2 report allows your company to show that it’s operating in a secure manner so you can win and retain more business…

BLOG ARTICLE

How to Review a Vendor’s SOC Report

BLOG ARTICLE

The Top 14 Security Policies Your Company Needs for SOC 2

During a SOC 2 examination, an auditor reviews that your company has documented policies and procedures relating to your information security (“infosec”) program…

Webinar

Ask an Auditor With Sensiba San Filippo’s Austin Capps

Senior Associate Austin Capps specializes in third-party attestations, including SOC 1 and 2 audits, and will field your questions live.

Webinar

Ask an Auditor With Troy Fine and a Special Guest From A-LIGN

Troy Fine, auditor turned resident Drata compliance advisor, will answer all of your questions about SOC 2 and compliance.

Webinar

Ask an Auditor With Troy Fine And A Special Guest From Schneider Downs

Troy Fine, auditor turned resident Drata compliance advisor, will answer all of your questions about SOC 2 and compliance

Webinar

A Unicorn’s Take on Prioritizing Security & Compliance

Learn how Clearco (formerly Clearbanc), the “pay as you grow” financing pioneer is empowering their team and leveraging automation to meet SOC 2, streamline processes, and prioritize security alongside unicorn-level…

Webinar

Building a Security & Compliance Roadmap: The Why & How for Health Tech Companies

Get Jarvis Analytics’ playbook on how they leveraged automation to set up a foundational security program, without depleting in-house engineering resources.