How Lemonade Saved 80% of Time Using Drata’s Continuous Compliance Automation

Lemonade is a full-stack digital insurance carrier built to provide the most transparent insurance experience.
About Lemonade
Lemonade is a consumer-focused insurance company that operates in the U.S. and Europe.
The Challenge
Audits are not fun. I’ve spent well over 200 hours before using Drata just in preparing for and dealing with our SOC 2 audit. If I added in everybody else’s time, I’ve loosely calculated that it’s between 500 and 600 hours of time spent preparing for an audit before using a compliance automation platform like Drata.
At a late-stage growth company like ours—where we’re still developing new product and trying to keep up with the market—that is a lot of time taken away from delivering product. It’s a waste of time in terms of efficiency, and it gets in the way of other important projects like improving overall security for the company.
The Experience
Drata has been great for automating evidence collection. I find it really flexible, and I’m able to make my own control framework. I’m making one specifically around Sarbanes-Oxley’s IT general controls, and we’ve spent less time doing those things that were once manual. I expect I’ll be able to reduce the time that my team and I have to put in by probably 60 to 80 percent.
Products That Helped
SOC 2
SOC 2 defines criteria for managing data based on: security, availability, processing integrity, confidentiality, and privacy.
GDPR
GDPR is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area.

PCI DSS
PCI DSS is a set of controls to make sure companies that handle credit card information maintain a secure environment.
Risk Assessment
Drata’s built-in self-assessments enable you to efficiently report on your security program’s effectiveness.
ROI
I just ran a SOC 2 audit with Drata that we completed in January. I actually didn’t think it was true because I heard almost nothing from the auditor until late January, where she said, ‘Okay, we have a draft ready of your final audit.’ I had only been on the phone for about 4 hours with her—which was 1/10th of the amount of time I had anticipated to spend with the auditor. I spent about 35 to 40 hours collecting evidence and was able to rely upon other people for significantly less.
The auditor called to say, ‘Well, your audit is basically done. We just want you to review the draft with zero nonconformities.’ Let’s just say it’s liberating.
"The promise of automation has long been discussed in the compliance world, but never truly realized. Drata has turned that into reality."