Drata, Privacy And SOC2 compliance process 2021
Compliance automation platforms like drata or secureframe greatly decrease the cost of the actual audit since it makes evidence collection that the proper security controls are in place and are functioning much easier.
Drata is a vendor that helps a company navigate your SOC2 compliance process, by organizing all the controls and helping you gather evidence that you have done so. For instance, they'll connect with Github and make sure everyone with access to your repos is a company employee. If you don't use Drata you have to gather this evidence yourself, repeatedly over months, and it's a pain.
The Drata agent is a pretty innocuous thing. It checks you have done things like turn on disk encryption, have updates enabled, and that the screen locks if you walk away. It does NOT monitor employee's activities. These kind of security checks are incredibly common and are required for certifications like ISO27001 and SOC2. SOC2 is not really optional for large enough b2b SaaS.
As a freelancer, whether you are required to install security monitoring software is definitely an open question. If you're delivering work separately and not connected to company systems, then ok. If you're basically just acting like any other employee, and connected to the company systems, then you will probably have to do this. Because otherwise they would fail SOC2 and managing your legal status as "Freelancer" vs "Employee" (for tax reasons) is not worth not being certified.
COPYRIGHT_WI: Published on https://washingtonindependent.com/drata/ by Susan Murillo on 2022-06-21T03:17:00.642Z