
Drata x Onboard: SOC 2 Type 1 From a CTO’s Perspective

Onboard CTO Matthew Majewski offers insight into how Drata can help you become and stay SOC 2 compliant.

by Matthew Majewski

March 21, 2023

From day one at Onboard, we were focused on and committed to building security into our systems, product, and tech architecture. We selected vendors that protect data with industry standards for security and compliance. Our team took this to the next level by completing our first audit to receive SOC 2 Type 1 compliance—the gold standard of data protection. Receiving our SOC 2 compliance was especially valuable to our clients, who use Onboard to streamline and automate their customer onboarding and implementation using CRM data.

Since Onboard provides visibility to all stakeholders in the onboarding process, it's imperative that Onboard provides top-notch security compliance and procedures.  

Going the Extra Mile

Onboard didn’t stop there. Once we received our attestation, we created a detailed system description guide and published new internal system diagrams to include in the report. We updated our Trust Center to allow for requesting the SOC 2 report, policies, and other security docs (under NDA) to make the infosec and diligence process easier.

By doubling down on our commitment to security and compliance, Onboard has an advantage over competitors who may not have taken the extra care to do things like:

  • Schedule annual third-party penetration tests.

  • Set up advanced logging, a SIEM, cross-region data backups, and source code security features.

  • Roll out updated security policies across the organization.

  • Formalize Business Continuity, Disaster Recovery, and Incident Response Plans and undergo exercises to validate and improve these plans.

  • Set up a number of security features like multi-factor authentication.

How Onboard Uses Drata

We use Drata to streamline the process and automate many of the manual tasks required to achieve and maintain SOC 2. The platform helps us identify any gaps in our systems, processes, and infrastructure—giving an accurate and up-to-date view of our compliance status. We have a user-friendly view of our control status, auditor communications and requests, and overall readiness to ensure ongoing compliance.

To keep all current and future employees up to date, Onboard also uses Drata to implement an annual security training to supplement our existing engineering training.

Using Drata saves us time, streamlines our compliance efforts, and helps us maintain our security-first culture by focusing on continuous compliance and audit readiness.

Curious if Drata can help your company do the same? Book a demo today.
