Drata x Onboard: SOC 2 Type 1 From a CTO’s Perspective
Onboard CTO Matthew Majewski offers insight into how Drata can help you become and stay SOC 2 compliant.
From day one at Onboard, we were focused and committed to building security into our systems, product, and tech architecture. We selected vendors that protect data with industry standards for security and compliance. Our team took this to the next level by completing our first audit to receive SOC 2 Type 1 compliance—the gold standard of data protection. Receiving our SOC 2 compliance was especially valuable to our clients, who use Onboard to streamline and automate their customer onboarding and implementation using CRM data.
Since Onboard provides visibility to all stakeholders in the onboarding process, it's imperative that Onboard provides top-notch security compliance and procedures.
Going the Extra Mile
Onboard didn’t stop there. Once we received our attestation, we created a detailed system description guide and published new internal system diagrams to include in the report. We updated our Trust Center to allow for requesting the SOC 2 report, policies, and other security docs (under NDA) to make the infosec and diligence process easier.
By doubling down on our commitment to security and compliance, Onboard has an advantage over competitors who may not have taken the extra care to do things like:
Schedule annual third-party penetration tests.
Set up advanced logging, SIEM, cross-region data backups, and source code security features.
Roll out updated security policies across the organization.
Formalize our Business Continuity, Disaster Recovery, and Incident Response Plans and undergo exercises to validate and improve these plans.
Set up a number of security features like multi-factor authentication.
How Onboard Uses Drata
We use Drata to streamline the process and automate many of the manual tasks required to achieve and maintain SOC 2. The platform helps us identify any gaps in our systems, processes, and infrastructure—giving an accurate and up-to-date view of our compliance status. We have a user-friendly view of our control status, auditor communications and requests, and overall readiness to ensure ongoing compliance.
To keep all current and future employees up to date, Onboard also uses Drata to implement annual security training that supplements our existing engineering training.
Using Drata saves us time, streamlines our compliance efforts, and helps us maintain our security-first culture by focusing on continuous compliance and audit readiness.
Curious if Drata can help your company do the same? Book a demo today.