Leaning on Automation to Expedite Security Questionnaires and Establish Customer Trust

About

APL nextED is a comprehensive academic operations platform for managing workflows, data, and reporting that links faculty and student data to optimize teaching, advising, and mentoring to increase student success.

Websitehttps://aplnexted.com/

LocationValparaiso, IN

IndustryEdtech

Socials

Twitter

Facebook

Copy Link

A case of how APL nextED uses Drata’s platform to generate immediate value.

The Challenge

As an edtech company, APL nextED’s platform displays data, generates data, and integrates data from third party systems; sometimes includes personally identifiable information and student data. A big part of the sales process for any software includes an “IT diligence review”. APL is no exception. The IT diligence review involves completion of an extensive list of questions related to our security program and a meeting with a prospective partner’s IT/Security Compliance Team. We are regularly asked if we’re SOC 2 compliant.

Most often the work to prepare for an IT diligence review, including completing responses to the security survey and meeting with the compliance team, falls on the APL tech team. This means that the sales team has to wait for the IT team to find time to collect the specific information the prospective school has requested. This may slow down the sales process and disrupt the development roadmap schedule.

To solve this problem we knew we needed to pursue SOC 2 compliance and to find some way to easily document, track and report on our security protocols, standards and practices.

Why Drata

When undergoing an initial evaluation with another platform, we realized that there was a level of automation that was missing and that the underlying features still required a significant amount of manual work.

Drata’s automation-led approach was unmatched, and the platform provided a lot more support for API integrations. We were looking for a partner that could streamline the journey so we’re not constantly burdened with tasks like uploading screenshots of our visitor log. We found that partner in Drata.

The Experience

Drata’s continuous control monitoring and integrated agent provide us significant value in making sure we have everything in place. And Drata as a company has been excellent – the support team has guided us along every step of the journey thus far. They even brought in their team of experts to share guidance on other compliance frameworks we have on the horizon, pointing out overlap and best practices for implementation.

Immediate Results

While APL nextED is still on the path to SOC 2, we’ve already experienced Drata’s value firsthand, especially with onboarding new employees. We also recently received a diligence request from a prospect, and because we were able to pull documentation directly from the Drata platform, we’ve already signed them on as a new customer. The time savings and impact on sales are immediate, especially as we inform our customers that we’re pursuing SOC 2 compliance!

SOC 2 brings about a lot of questions around time, cost, resources, and requirements - that can be overwhelming for any company. For us, automating the path to compliance was the clear answer, and Drata has been exceptional in going above and beyond to ease this journey for us. We’re keeping our security posture strong and scaling much quicker as a result of working with Drata.

Chris Bake

CTO, APL nextED

Resources for you