How Softcat Reduced Audit Time by 40% with Drata
Before Drata: Managing Compliance Across Multiple Frameworks with Manual Processes
Softcat, a leading value-added reseller in the UK, supports thousands of businesses with IT solutions, ranging from security and data management to cloud and collaboration services. With the company’s rapid growth and expanding service offerings, Softcat found themselves grappling with a growing list of frameworks, including ISO 27001, ISO 9001, and GDPR. Each framework required meticulous documentation, evidence collection, and audits to maintain and ensure data security.
Softcat’s internal compliance processes were largely manual. They relied heavily on spreadsheets, shared folders, and individual teams coordinating compliance activities in silos. This disjointed approach not only led to inefficiencies, but also left Softcat vulnerable to inconsistencies in their audit readiness and resource constrained. "A lot of the audits we undertook were ad hoc, and we found ourselves constantly gathering the same evidence for different frameworks. It became incredibly time-consuming, with multiple departments getting pulled into a process that could have been more streamlined," shared Dominic Powell, IT Risk Manager at Softcat.
As Softcat's service offering and customer base grew, the need for a more scalable and efficient approach became critical. They needed a platform that would not only streamline the audit process but also improve operational efficiency and governance, ensuring they stayed ahead of potential risks while safeguarding customer trust.
Automating and centralizing compliance management with Drata
For Dominic and his team, the most attractive feature was Drata’s ability to allow the "collect once, comply many" approach. With this solution, Softcat could collect evidence one time and apply it to multiple audits and frameworks, rather than recreating the wheel with every audit cycle. Drata’s automated workflows and customizable control mappings allowed Softcat to configure their program to their business needs, turning what was once a months-long, resource-intensive endeavor into proactive monitoring that freed up time for other areas of the business.
“The platform's real-time monitoring gave us visibility into potential issues before they became problems, which meant less scrambling during audit preparation.”
With Drata’s real-time monitoring feature, Softcat could address security or compliance gaps as they occurred, rather than waiting for an audit to uncover them. This proactive approach not only enhanced their audit readiness but also improved their overall security posture.
Additionally, Drata’s platform provided Softcat with the ability to create custom frameworks that aligned with their unique governance requirements, ensuring they could adapt the tool to their specific compliance needs.
40% Time Reduction, Improved Audit Efficiency, and Enhanced Security
After implementing Drata, Softcat saw immediate results. Audit preparation time decreased significantly, with the team experiencing a 40% reduction in staff time required for audits. This freed up resources to focus on higher-value tasks, while ensuring audit accuracy and timeliness.
“Being able to present everything in one place through Drata has been fantastic. We've eliminated a lot of the inefficiencies that came with manual processes and cut down on pulling in valuable resources for repetitive tasks. It’s made our audit process smoother and more manageable.”
Drata’s automation also provided a more seamless experience for Softcat’s internal stakeholders, allowing teams to collaborate efficiently and reduce bottlenecks. By centralizing evidence collection and compliance tracking, Softcat could ensure that they were always ready for an audit, whether it was for ISO 27001, ISO 9001, or future frameworks like NIST and PCI-DSS.
The real-time monitoring and instant alerts built into Drata allowed Softcat to stay one step ahead of potential risks. The company could address issues as they arose, ensuring they were consistently meeting the compliance requirements of the frameworks they were working toward and safeguarding customer data year-round, not just during audit season.
“Our mission is to always ensure our customers’ data is secure and to demonstrate that we’re meeting the highest standards. With Drata, we’ve been able to take our compliance program to the next level, not just in terms of efficiency but also in terms of proactively safeguarding sensitive information.”
By leveraging Drata’s platform, Softcat has not only strengthened their overall security posture and improved visibility into compliance status, but they’ve also reduced the manual effort involved in maintaining ongoing compliance.
Latest Stories
Chart Your Course
Navigate to new worlds of trust with Drata.
Chart Your Course
Navigate to new worlds of trust with Drata.