West Monroe Yields Zero-Condition Audits and Cost Saving With Drata and A-LIGN

Before Drata: Disorganized Documentation and Compliance

Before implementing Drata, West Monroe's compliance program faced several challenges. Their SOC 2 audit in 2022 highlighted numerous gaps and inefficiencies. The manual process, with its scattered and outdated documentation, resulted in a 25-page gap paper, putting their report at risk.

The absence of a centralized repository for documentation compounded these issues, making audit preparations arduous and error-prone. The challenge was clear: West Monroe needed a streamlined solution to serve as a reliable source of truth for all their documentation.

The Solution: Integrating Drata and Partnering with A-LIGN

To address these issues, West Monroe partnered with Drata, renowned for its simplicity and automated evidence collection capabilities, and A-LIGN, a leading provider of high-quality, efficient cybersecurity compliance programs. Drata's disciplined approach to documentation management established centralized repositories, facilitating easy retrieval and review. The platform's seamless integration with West Monroe's Microsoft-based systems, including HR systems and the Azure environment, proved invaluable.

A-LIGN, a relationship inherited through an acquisition, was a crucial part of the compliance journey. Despite the inheritance, the choice to stay with A-LIGN was deliberate. "Inheritance didn't mean that we had to either stay with them or part ways with them, but due to the people and the technology we were working with, we decided that A-LIGN is the right auditing partner for us," Shan Moosa explained.

Implementing Automation for Enhanced Efficiency

West Monroe went from tedious, manual processes to saving significant time with Drata’s robust automation capabilities. By automating evidence collection and minimizing manual team efforts, Drata significantly reduced the time and effort required for compliance tasks. They were also able to conduct security impact assessments within Drata, reducing costs and enhancing operation efficiency.

A-LIGN's expertise and high-quality audit service, combined with Drata's innovative technology, created a comprehensive solution that addressed all aspects of West Monroe's compliance needs.

The Results: 70% Reduction In Time Spent On Audit Prep

The partnership between Drata, A-LIGN, and West Monroe yielded impressive results. In the most recent audit, West Monroe achieved a zero-condition report, a stark contrast to the previous year’s 25-page gap paper, resulting in their first unconditional audit in the company’s history. The audit preparation time was dramatically reduced from a three-month effort to an estimated three weeks, focusing on review and minor updates rather than extensive document creation.

By using Drata for security impact assessments, West Monroe saved substantial costs, eliminating the need for expensive third-party vendors. Drata’s platform enabled West Monroe to efficiently manage compliance documentation for their international operations, including offices in Costa Rica, London, Mexico, and prospective locations in Southeast Asia. Due to the shared controls across frameworks in Drata, completing the work for SOC 2 brought West Monroe to an 82% readiness level for GDPR without any additional work.

With Drata and A-LIGN in place, West Monroe successfully navigated their SOC 2 Type 2 audit and set their sights on future compliance goals, including GDPR and CCPA frameworks. The firm anticipates further advancements in their compliance journey, focusing on swift adaptation to regulatory changes and leveraging AI technologies.