Drata

Brex Modernizes GRC plus Assurance with Drata

81% Continuous-test pass rate
1,100 Vendors centralized

Challenge


  • Manual evidence collection through spreadsheets and tickets slowed audits and increased workload.
  • Fragmented tools (shared drives, ticketing systems) created visibility gaps and inefficiencies.
  • Sales and security reviews stalled deals due to manual NDA and documentation requests.
  • Limited ability to monitor control performance or detect compliance drift in real time.
  • Vendor risk data scattered across multiple systems, requiring duplicate reviews and manual tracking.

We needed to speed up third-party reviews, monitor controls continuously, and empower our go-to-market teams without turning GRC into a bottleneck.

Allan Silva, Senior GRC Lead, Brex

Solution

  • Implemented Drata’s unified GRC platform to centralize risk, compliance, and trust workflows.
  • Connected AWS, Okta, Workday, GitHub, Jamf, CrowdStrike, Wiz, and Confluence for automated, continuous control monitoring.
  • Launched a branded SafeBase Trust Center to automate NDA workflows and provide instant customer access to SOC 2, ISO, and policy documentation.
  • Migrated ~1,100 vendors into Vendor Risk Management (VRM), integrating with Ironclad and Okta app discovery to streamline reviews.
  • Adopted Audit Hub to execute internal audits with preserved artifacts and historical records, replacing spreadsheets and email trails.
  • Partnered closely with Drata’s Customer Success team for a white-glove migration completed in under one month with zero data loss.

Background

Brex is a rapidly growing fintech company that handles sensitive financial and credit card data in a highly regulated environment. To win and retain customers, Brex must demonstrate strong security and compliance; trust is paramount.

Brex’s Governance, Risk, and Compliance (GRC) team, part of the broader Trust organization, manages multiple frameworks (SOC 1, SOC 2, PCI, ISO 27001, IT General Controls, NIST, GDPR, and more) and risk programs to meet strict regulatory and customer requirements. As Brex scaled, its existing tools and processes began to strain under increasing demands. The team relied on an alternate solution as a control library while using spreadsheets and ticketing systems to manage evidence collection and workflows. This patchwork approach made it difficult to proactively monitor controls, slowed customer security reviews, and left GRC team members bogged down in manual tasks.

Realizing they needed a more robust, unified platform to mature their compliance program and maintain customer trust, Brex turned to Drata, an integrated GRC automation platform, and SafeBase Trust Center, Drata’s trust transparency solution.

The goal: streamline customer due diligence, automate continuous control monitoring, and centralize all risk and compliance activities in one platform.

Drata + SafeBase has helped Brex strengthen customer trust and scale our Risk, Compliance, and Security programs.

Allan Silva, Senior GRC Lead, Brex

Streamlining Customer Due Diligence and Questionnaires with a Trust Center

Before Drata, Brex’s GRC and sales teams spent hours handling repetitive customer security questionnaires and document exchanges. Each new prospect required manual NDA coordination and file sharing, slowing down deal cycles.

With Drata’s SafeBase Trust Center, Brex launched a self-service security portal where customers can access up-to-date compliance documents after e-signing an automated NDA. The portal, customized to Brex’s branding, centralizes all security and compliance materials, saving the GRC team countless hours.

SafeBase unlocked real potential for our GTM teams, who can now share a single Trust Center link with prospects instead of chasing this information down internally.

Allan Silva, Senior GRC Lead, Brex

The Trust Center accelerated due diligence and empowered sales teams to provide real-time assurance. What once took days now takes minutes, helping Brex close deals faster while maintaining complete transparency.

Proactive Audit Readiness Across Multiple Frameworks

Brex needed a way to shift from periodic, manual audits to continuous monitoring across multiple frameworks. The existing process depended on manual effort, making real-time detection of control failures extremely onerous.

With Drata’s Continuous Control Monitoring, Brex integrated systems like AWS, Okta, GitHub, and Workday to automate evidence collection and alert teams immediately when controls drift. This proactive monitoring now covers SOC 1, SOC 2, ISO 27001, PCI, IT General Controls, and NIST, providing daily assurance instead of quarterly spot checks.

Control monitoring and the integrations with our core systems have made the biggest impact, giving us real-time visibility and a reliable, streamlined way to manage compliance.

Allan Silva, Senior GRC Lead, Brex

This approach has already delivered measurable results: an 81% continuous-test pass rate achieved during rollout, with owners targeting 90% completion. Audit preparation has become faster, smoother, and data-driven.

Scaling the GRC Program with One Integrated Trust Management Platform

As Brex expanded globally, siloed tools limited its ability to scale. The GRC team managed vendors, controls, and audits across multiple systems, creating duplication and inefficiency.

Drata provided a single integrated platform for GRC and trust management, combining frameworks, internal audit cycles, and vendor risk reviews into one system. Brex migrated its entire control library, risk register, and vendor data, ~1,100 vendors in total, into Drata, aligning evidence collection and monitoring with internal audit cadences.

Today, we have a centralized platform that brings together all aspects of our Risk and Compliance programs, fully integrated with our core systems. Our control library, monitoring, internal audit, third-party management, and risk management all live in one place.

Allan Silva, Senior GRC Lead, Brex

The result is a holistic, scalable trust management platform that supports global frameworks and continuous compliance. Internal audits now run directly in Drata, with artifacts preserved for future cycles, delivering a 5x faster internal audit process and reducing reliance on manual workflows.

Organizational Impact and Empowering GRC Careers

Drata didn’t just elevate Brex’s compliance posture; it transformed the visibility and influence of the GRC function itself. With tangible performance metrics and unified dashboards, Allan Silva’s team can more effectively demonstrate how their work contributes directly to customer trust, retention, and revenue enablement.

GRC and the broader Trust org have become critical to customer acquisition and retention. We’ve shifted from a defensive function to a business enabler.

Allan Silva, Senior GRC Lead, Brex

GRC is a strategic enabler within Brex, unlocking organizational efficiency and strengthening cross-functional trust. The increased transparency has also accelerated professional growth for Allan and his team, positioning GRC as both a business accelerator and a rewarding career path within Brex’s trust organization.

What Drata Unlocked for the GRC Team at Brex

With Drata, Brex unlocked capabilities that were previously out of reach.

  • Continuous compliance: Automated monitoring and testing across all major frameworks (SOC 1, SOC 2, PCI, NIST, and ISO 27001), ensuring audit readiness at all times.
  • Scalability and consolidation: Unified vendor management, risk programs, and audits in one platform, eliminating redundant tools and manual effort.
  • Trust transparency: SafeBase integrated directly with Drata, allowing Brex to showcase its security posture instantly to customers and prospects.
  • Data-driven insights: Dashboards and metrics that quantify compliance maturity, risk trends, and control health—transforming GRC from reactive oversight to proactive strategy.
  • Partnership and support: Drata’s white-glove migration and responsive Customer Success team ensured a seamless transition from legacy tools, enabling rapid adoption.

Drata was simply a better fit for the size Brex was becoming—comprehensive, complete, and scalable for where we’re headed.

Allan Silva, Senior GRC Lead, Brex

Together, Drata and SafeBase have given Brex a unified, intelligent GRC foundation, one that scales with the business, reduces operational friction, and strengthens trust at every level.

Future Outlook

Brex plans to leverage Drata’s upcoming AI-driven automation and VRM AI Agent to further optimize compliance workflows and reduce analyst workload.

GRC is becoming a more engineering-focused discipline. AI can help analysts automate workflows and unlock new potential.

Allan Silva, Senior GRC Lead, Brex

As Brex continues global expansion, Drata will remain the foundation of its trust and compliance strategy, supporting continuous assurance at enterprise scale.
