AssuranceLab’s ‘Drata Starter’ collaboration with Drata

Security and privacy compliance is one of the biggest hurdles for Fintechs to grow domestically and internationally. 

AssuranceLab and Drata are shortlisted for Fintech Australia’s Excellence in Industry Collaboration & Partnerships Award in the Finnies later this month for their collaboration that includes ‘Drata Starter’. This playbook and combination of technologies have transformed the way Fintechs achieve compliance in record time, with low costs and minimal compliance burden.

One of our first mutual clients using Drata Starter achieved SOC 2 Type 1 with their report in hand in less than 2 weeks. Our joint case study with 3rdRisk delves into the key success factors and how it works to enable their growth while keeping their team focused on what’s most important.

About 3rdRisk

Located in Amsterdam, 3rdRisk is a risk management SaaS company completely dedicated to managing third-party risk and internal control. 3rdRisk customers use the platform and technology to be in control and stay ahead of the risk that they could face all while remaining compliant with a variety of requirements. 3rdRisk’s mission is to help the new generation of risk professionals succeed in a world that is ever changing with threats constantly looming.

Why SOC 2?

3rdRisk decided to pursue SOC 2 Type 1 primarily because their customers trust them with their sensitive data and they want to showcase that their data is secure in their platform. This was especially key given the nature of their industry. It’s their duty to be transparent with customers about how information security is handled and how the integrity of their data is protected. From a revenue and growth perspective, 3rdRisk knew SOC 2 Type 1 would be important to implement.

Return on Investment in 2 Weeks

If you look at the amount of time that we spent to achieve SOC 2 Type 1, it was less than two weeks end to end. Our audit firm, AssuranceLab, provided our clean SOC 2 Type 1 report a few days following the audit. It took longer to evaluate competitors on the market than it took 3rdRisk to become SOC 2 Type 1 compliant working with Drata and AssuranceLab. 

Especially considering when our infrastructure begins to scale, this equates to dozens of hours per month that my team will save. We’ll be able to reallocate resources to further maturing our technical infrastructure while focusing on innovation and the commercial side of the business.

Drata x AssuranceLab

We attribute becoming SOC 2 Type 1 compliant so quickly to working with both Drata and AssuranceLab. Here’s what made going through the audit process so much easier.

Drata Connected Us With Our Ideal Audit Firm

We got connected with AssuranceLab through Drata’s Auditor Directory. The Auditor Directory shows a category of audit firms that work with Drata, and through that we found our perfect auditor.

We were able to select from a pool of qualified audit firms that are trained to use the Drata platform. This collaboration streamlines the entire audit process and significantly increases efficiency. Selecting AssuranceLab was a smooth process, and we were able to get started with our audit preparation in no time.

AssuranceLab Embraced Our Need for Technology

AssuranceLab was the ideal audit firm for us because they have experience working with companies in our industry, born in the cloud, with progressive tech stacks. We wanted an auditor to embrace the emphasis 3rdRisk puts on leveraging technology and AssuranceLab is completely familiar with these kinds of cloud technologies.

If 3rdRisk had embarked on a more traditional audit approach, we would have been asked to provide all kinds of documentation about our infrastructure, how our server is working, and how the cloud is working, which would have caused delays in receiving our final report. The approach that Drata and AssuranceLab are taking has completely improved the way audits are conducted.

Active Support

Although I have previous background from a Big 4, SOC 2 Type 1 is still quite a heavy lift for a startup to implement, especially if you don’t have a consultancy party that’s supporting you in the process (something that we commonly see).

To help take the burden off our small team, we were able to take advantage of AssuranceLab’s new offering, the Drata Starter Program. The Drata Starter Program gave us a head start on all the time-intensive content pieces that are required of SOC 2 Type 1. It was a best practice blueprint provided by AssuranceLab completely tailored to the Drata Platform. I highly recommend this offering for SaaS startups like ours—it’s meant for you.

Drata’s Audit Hub Empowers Collaboration During The Audit

Our audit experience with AssuranceLab was exceptional for many reasons. From the first introduction meeting, their team laid out exactly what to expect during the process. There were no surprises in what was required of us to complete the audit.

Because we found our auditor through Drata, the Drata Platform helped facilitate many of our audit conversations. AssuranceLab logged directly into Drata and went through our control environment, asked questions about our integrations, and looked at the evidence being collected via continuous monitoring. Since AssuranceLab was already educated and trained on how to use Drata, it made it really easy to showcase we implemented the right controls and we are on track to achieve the standard. Our auditor knew exactly how to find the information they were looking for.

Compliance Doesn’t Have To Be Painful

Drata made it so much easier, faster, more efficient, and a lower burden on the business to achieve these kinds of compliance standards that normally take a lot of time, effort, and money. Drata really enables companies like ours to achieve this kind of standard in a pragmatic, high-quality way.

No More Guesswork Or Worry

In the early days of my career, audits made everyone anxious. There are a million things you worry about leading up to an audit like:

* When will the auditor arrive?

* Is my team prepared for what’s to come?

* Have we forgotten anything?

* How will we fix an issue that could come up?

The fear never ends. 

Drata gives us confidence going into an audit because we have continuous monitoring and access to the status of our controls and requirements. There are no surprises—and if we do catch an issue, we know about it upfront. From there, remediation is straightforward through online guides and Drata’s support team live chat.

If you’re looking to begin evaluating your compliance program, I highly encourage working with Drata and AssuranceLab. They’ve created a holistic approach to compliance and audits without sacrificing independence, transparency, trust, or quality.

Bram Ketting

Co-Founder and CEO

3rdRisk
