Drata

Enterprise Risk Management

Research / User Testing / UX / Design

Drata quickly established itself in the Governance, Risk, and Compliance industry, but was at risk of becoming a victim of its own success. It had grown by exclusively serving small and medium businesses. The time had come to move upmarket and begin capturing enterprise prospects.

This required transforming the ad hoc Risk Management tool into a cohesive, scalable, and flexible product. As one of six team members, I led research, design, and ideation to define, validate, and deliver artifacts that would enable a robust enterprise-level solution.

Discovery

No formal user research had ever been done for Risk Management. It was a product built entirely on assumptions. We desperately needed to get to know our users.

I began interviewing customers at companies of all sizes. These interviews were supplemented with customer support and sales team interviews. I also combed through our archive of recorded customer calls, using deep keyword searches within the call transcripts. Findings were synthesized, tagged, and made available to product teams across the company.

Wireframes and low-fidelity designs were produced as research was conducted, and I began incorporating usability and desirability studies into the process.

Multi-register dashboard desirability studies

Multi-register dashboards were tested early, using pre-existing designs as leaping-off points to minimize the amount of time spent designing. These were created along with risk register design candidates as part of the whole testing suite. Ultimately, these were seen as secondary to the enterprise risk management effort, as we needed to ensure a solid foundation first, and were scheduled for later development.

Research Methods

Card sorting
Remote moderated testing
Concept testing
Diary studies
User interviews
Desirability studies

Key Findings

Our customers were using Excel as a solution for missing features and rigidity of our product.

Every organization’s approach to risk management was unique. There was no significant overlap.

Being able to use multiple registers at once was the gold standard ask of enterprise customers.

Legacy code was a major hindrance as the original product wasn’t built on an actual table.

Proposed Approach

By forgoing larger, flashier enterprise features and building a proper, robust table component, we enable our users to engage with the product in the way they and their organization’s data require. Removing pain points in the short term allows us to build a foundation that will serve us in the long term.

Additionally, the component is contributed back to the design system and used in a multitude of other products, which alleviates numerous app-wide pain points.

The MVP

The deployed table solved several immediate problems for users. They could now sort, choose which columns/data points to show and hide, freeze columns to allow for scrolling across large quantities of data while still retaining critical context, and save views based on workflow or role.

Post-deployment user sentiment was overwhelmingly positive across SMB segments. Enterprise customers, while still voicing their desire for things like mixed register dashboards and register nesting, found the flexibility and scalability capable of meeting their sophisticated workflows.

Post-script

The component was immediately made available in Drata’s component library and leveraged for numerous other products within their software suite. Because of the work done upfront, the effort required to meet the needs of other teams was minimized and encouraged rapid iteration across the organization.

Additional Delivered Projects

Role Based Access Control

Designed a full RBAC system for Drata’s software. The solution had to accommodate small, ten-person organizations and scale to enterprise levels. It accounted for things like workspaces, divisions, and custom roles with granular permissions.

Residual Risk Scoring

Led research and design of the Residual Risk feature. The solution enabled users to assign a calculated score after mitigating factors and evidence had been supplied during the assessment. These scores were factored into their analytics dashboard, also designed as part of this effort, and their risk posture status.

Onboarding Wizard

Designed an end-to-end solution aimed at easing onboarding pains for SMBs. It allowed users to establish relevant areas of concern in their register, gather risks pertinent to their organization’s operations, and get a head start on scoring.
