How Merge Leverages Trust Center to Expedite Sales Cycles

About Merge

Merge builds Unified APIs for B2B companies. Developers integrate once with Merge to offer a full category of integrations and easily maintain integration health.

The Importance of Trust

Merge is expanding upmarket. We’re moving into larger and larger companies, which is why security is so important to us. We plan to be the integration layer for all B2B companies, and we constantly prioritize trust and security—reassuring our customers that we are shepherds of their data in the most responsible ways.

The Drata Journey

We’ve already been using Drata for SOC 2 and HIPAA compliance, so the natural next step was to reach out to Drata to start the process for ISO 27001. We chose to pursue ISO 27001 because our customers demanded it. We felt that we had a lot of reliable internal controls in place, however, we wanted to continue proving that to our customers.

The Experience

Some of the key benefits of working with Drata is the preparation and a lot of the evidence collection and gathering. We found the number of integrations, the focus on expanding their integrations library, and the automation of their integrations to be absolutely incredible—we've continued to connect all the platforms we use from background checks, to our AWS environment, and beyond so we can automate as much as possible. I would say Drata is by far one of the most connected platforms we've ever used.

Trust Center

Drata’s Trust Center is truly a novel product. It was almost like the Drata team read our minds and provided a solution for what our customers were asking for. We previously spent a lot of time providing evidence to our customers and getting NDAs signed, and as we’ve scaled with Trust Center, it’s made a night and day difference for our sales motion. We've been able to ramp up that function without bogging down too many team members.

The Audit

There were a lot of things that came up during our ISO 27001 certification like our policies and versioning, for example. Our auditor wanted to see that we not only had our policies, but that they were versioned and that we had approval processes in place. For situations like this, we can directly log into Drata and heavily rely on their platform to ensure we’re meeting all the necessary preparation for our audit. There were moments where we asked ourselves, “Do we do this?” and once we logged into Drata, we were like, “Yep! We do, because Drata has it.”

Why Drata

Drata is a good decision—there is no doubt there.The Platform and team has been a guiding light through our ISO 27001 certification and we're looking forward to maintaining a streamlined and scalable compliance program with Drata.