Share your experience using ARIS Risk and Compliance Manager

Our main use case for Delve Automated Compliance Platform is for SOC 2 and HIPAA compliance, but the platform also helps with all kinds of frameworks. A quick specific example of how I use it day-to-day is that we mainly rely on it for keeping our compliance up to date.

Delve Automated Compliance Platform helps with those frameworks through the Delve bot for PR reviews in GitHub, and they automate testing, so we can ensure that our infrastructure is safe and secure.

Delve Automated Compliance Platform is super responsive, which I appreciate in my daily workflow.

The best features Delve Automated Compliance Platform offers include tests and ensuring that all the integrations are still compliant with what they need to be in order to meet whether that is HIPAA or SOC 2, which helps to keep it up over time and not just as a one-time exercise.

These features make such a difference for my organization because they save me time; otherwise, I might not be compliant with a SOC 2 audit, which would cost too much time.

Delve Automated Compliance Platform has positively impacted my organization, particularly in terms of security. A specific example of how Delve Automated Compliance Platform has improved security for my organization is the useful bot in PR review, which helps us catch potential issues.

Using Delve Automated Compliance Platform has led to measurable changes for my organization; we are now SOC 2 and HIPAA compliant, which helps us close more deals and be more competitive.

Delve Automated Compliance Platform can be improved by expanding the frameworks; I think the more, the better, and I am very happy with their service.

The needed improvements mainly involve expanding the frameworks; the product is already fantastic, and perhaps some more integrations for applications would be great.

I have been using Delve Automated Compliance Platform for a bit more than three months by now, and we passed SOC 2 and HIPAA with them.

Delve Automated Compliance Platform's scalability is perfectly fine; it scales to whatever we need.

I would rate the customer support on a scale of one to ten a ten.

Positive

Before choosing Delve Automated Compliance Platform, I evaluated other options like Vanta and others, but we were the most happy because of their responsiveness.

I did not purchase Delve Automated Compliance Platform through the AWS Marketplace, but we worked together with them.

I rate Delve Automated Compliance Platform a five on a scale of one to five because they are extremely responsive, which stands out most to me and made me choose the highest rating. I gave it a five overall.

There is no advice needed for others looking into using Delve Automated Compliance Platform; as soon as they make the decision, they should be fine.

Our primary use case for Delve is obtaining and continuously maintaining third-party verified compliance, specifically SOC 2, as a prerequisite for selling to large enterprise customers. In our market, compliance is less about internal governance and more about external trust. Without independently verified controls, meaningful enterprise conversations simply do not progress. The automated checks, evidence collection, and clear control mapping allow us to treat SOC 2 as an ongoing operational baseline.

Delve materially reduced the cost, time, and cognitive load required to achieve and maintain SOC 2. What would otherwise have required significant internal process design, manual evidence gathering, and constant coordination was largely handled through automated checks and a well-structured compliance workflow. Instead of being a blocking function owned by one person or team, compliance became embedded in day-to-day operations with clear ownership and visibility. This allowed us to move faster with enterprise customers while increasing confidence that controls remain intact as the business scales.

GitHub automated checks continuously verify key security controls, such as repository settings and access hygiene, without manual audits. That removes a lot of human process risk and keeps evidence current. Always-on 2FA monitoring is a huge advantage because it is a control that can silently drift over time due to new users, permission changes, or offboarding gaps. Having it enforced continuously is much more reliable than periodic spot checks. Real-time compliance notifications are what make the automation actionable. Instead of discovering issues during an audit scramble, we get immediate visibility when something falls out of compliance, so we can remediate quickly and maintain a steady compliance posture.

There is a need to reduce CI disruption from false positives. The security scan job can block CI runs on findings that are context-dependent and not actually exploitable in our environment. That creates noise and slows engineering velocity. We need better controls for more granular tuning and suppression to mark findings as accepted risk or not applicable with context, expiry, and audit trail. This will help compliance stay strong without repeatedly re-litigating the same issue. Prioritization would improve if findings were mapped to likelihood and impact and enriched with repository and runtime context. For example, it should only fail builds on truly high-confidence, high-severity issues.

We have used the solution for half a year.

We did not use any previous solutions.

It is advisable to get a few quotes and compare apples-to-apples across what is included, such as audit support, number of frameworks, integrations, vendor risk, continuous monitoring, etc. Pricing varies a lot based on bundles and company stage, so it is worth negotiating and choosing based on total cost-to-compliance, which includes time and internal effort, not just the list price.

We evaluated Vanta. For our stage, it was meaningfully more expensive, felt less integrated with the parts of our stack we cared about day-to-day, and the overall support experience was less responsive and helpful. Delve got us to third-party verified compliance faster with more hands-on guidance and automation that actually matched how our engineering team works.

We have really appreciated the customer support. Response times are fast, answers are high quality, and the team is genuinely helpful when we run into edge cases.