Our use case involved SOC 2 Type I and Type II, as well as Penetration Testing.
Reviews from AWS customer
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
7 reviews
from
External reviews are not included in the AWS star rating for the product.
Structured guidance has simplified our SOC 2 audits and has improved our compliance confidence
What is our primary use case?
How has it helped my organization?
Delve was a great partner for our SOC 2 Type I and Type II journey. Their customer support team was amazing, super patient, responsive, and always happy to help whenever we had questions. We really appreciated how structured and guided the platform was. It made the whole process much less overwhelming and easy to implement. The team made sure we were doing things the right way while helping us resolve small issues along the way. Overall, I had a great experience and it is a service I would absolutely recommend to others to use.
What is most valuable?
The customer support really stands out. They have been responsive and genuinely helpful whenever we have needed them. The policy templates were also great, especially for getting started, since they make it easy to understand how policies should be structured and what to include. I also really enjoyed the AI tool and how well it understands the policies and controls we already have in place.
What needs improvement?
Delve has little to no issues. One minor challenge we ran into was occasional confusion around which forms needed to be completed for the audit. That said, their superb customer support team quickly cleared things up every time, so it was never a blocker.
For how long have I used the solution?
We have been using the solution for 2 months.
What's my experience with pricing, setup cost, and licensing?
I think Delve's pricing is incredibly fair, especially for the quality of service they provide.
Which other solutions did I evaluate?
We evaluated Drata but decided that Delve perfectly fitted our needs.
What other advice do I have?
I highly recommend Delve to others!
Automation has transformed our audit readiness and reduces manual SOC 2 compliance work
What is our primary use case?
DineU uses Delve primarily to automate SOC 2 compliance across our AWS-based infrastructure. It serves as our system of record for controls, evidence collection, and audit readiness. This replaces manual spreadsheets and ad-hoc evidence gathering.
How has it helped my organization?
Delve significantly reduced the time and effort required to prepare for SOC 2 audits. Continuous monitoring gives us real-time visibility into control gaps instead of point-in-time checks. This allows our engineering team to focus on building the product rather than compliance admin.
What is most valuable?
Automated evidence collection is the most valuable feature for DineU because it eliminates manual screenshots and exports. Continuous control monitoring helps us catch configuration drift early. Auditor-ready reports streamline external audit reviews.
What needs improvement?
The UI could be more intuitive when navigating between controls and evidence. Deeper native integrations with Jira for remediation tracking would add value.
For how long have I used the solution?
I have used this solution for less than one year.
Which solution did I use previously and why did I switch?
We did not use a previous solution.
What's my experience with pricing, setup cost, and licensing?
Delve is a competitive platform in terms of pricing, and their account executives are great to talk with and continue to work with.
Which other solutions did I evaluate?
We evaluated tools like Drata, Vanta, and native CSPM solutions. Delve stood out for stronger control mapping and evidence automation. It aligned better with our technical SOC 2 needs.
What other advice do I have?
We are very glad we worked with Delve, and their support team has been wonderful to work with.
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Expanded compliance frameworks have reduced audit effort and now support stronger security
What is our primary use case?
Our main use case for Delve Automated Compliance Platform is for SOC 2 and HIPAA compliance, but the platform also helps with all kinds of frameworks. A quick specific example of how I use it day-to-day is that we mainly rely on it for keeping our compliance up to date.
Delve Automated Compliance Platform helps with those frameworks through the Delve bot for PR reviews in GitHub, and they automate testing, so we can ensure that our infrastructure is safe and secure.
Delve Automated Compliance Platform is super responsive, which I appreciate in my daily workflow.
What is most valuable?
The best features Delve Automated Compliance Platform offers include tests and ensuring that all the integrations are still compliant with what they need to be in order to meet whether that is HIPAA or SOC 2, which helps to keep it up over time and not just as a one-time exercise.
These features make such a difference for my organization because they save me time; otherwise, I might not be compliant with a SOC 2 audit, which would cost too much time.
Delve Automated Compliance Platform has positively impacted my organization, particularly in terms of security. A specific example of how Delve Automated Compliance Platform has improved security for my organization is the useful bot in PR review, which helps us catch potential issues.
Using Delve Automated Compliance Platform has led to measurable changes for my organization; we are now SOC 2 and HIPAA compliant, which helps us close more deals and be more competitive.
What needs improvement?
Delve Automated Compliance Platform can be improved by expanding the frameworks; I think the more, the better, and I am very happy with their service.
The needed improvements mainly involve expanding the frameworks; the product is already fantastic, and perhaps some more integrations for applications would be great.
For how long have I used the solution?
I have been using Delve Automated Compliance Platform for a bit more than three months by now, and we passed SOC 2 and HIPAA with them.
What do I think about the scalability of the solution?
Delve Automated Compliance Platform's scalability is perfectly fine; it scales to whatever we need.
How are customer service and support?
I would rate the customer support on a scale of one to ten a ten.
How would you rate customer service and support?
Positive
Which other solutions did I evaluate?
Before choosing Delve Automated Compliance Platform, I evaluated other options like Vanta and others, but we were the most happy because of their responsiveness.
What other advice do I have?
I did not purchase Delve Automated Compliance Platform through the AWS Marketplace, but we worked together with them.
I rate Delve Automated Compliance Platform a five on a scale of one to five because they are extremely responsive, which stands out most to me and made me choose the highest rating. I gave it a five overall.
There is no advice needed for others looking into using Delve Automated Compliance Platform; as soon as they make the decision, they should be fine.
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Continuous compliance automation has reduced SOC 2 effort and builds enterprise customer trust
What is our primary use case?
Our primary use case for Delve is obtaining and continuously maintaining third-party verified compliance, specifically SOC 2, as a prerequisite for selling to large enterprise customers. In our market, compliance is less about internal governance and more about external trust. Without independently verified controls, meaningful enterprise conversations simply do not progress. The automated checks, evidence collection, and clear control mapping allow us to treat SOC 2 as an ongoing operational baseline.
How has it helped my organization?
Delve materially reduced the cost, time, and cognitive load required to achieve and maintain SOC 2. What would otherwise have required significant internal process design, manual evidence gathering, and constant coordination was largely handled through automated checks and a well-structured compliance workflow. Instead of being a blocking function owned by one person or team, compliance became embedded in day-to-day operations with clear ownership and visibility. This allowed us to move faster with enterprise customers while increasing confidence that controls remain intact as the business scales.
What is most valuable?
GitHub automated checks continuously verify key security controls, such as repository settings and access hygiene, without manual audits. That removes a lot of human process risk and keeps evidence current. Always-on 2FA monitoring is a huge advantage because it is a control that can silently drift over time due to new users, permission changes, or offboarding gaps. Having it enforced continuously is much more reliable than periodic spot checks. Real-time compliance notifications are what make the automation actionable. Instead of discovering issues during an audit scramble, we get immediate visibility when something falls out of compliance, so we can remediate quickly and maintain a steady compliance posture.
What needs improvement?
There is a need to reduce CI disruption from false positives. The security scan job can block CI runs on findings that are context-dependent and not actually exploitable in our environment. That creates noise and slows engineering velocity. We need better controls for more granular tuning and suppression to mark findings as accepted risk or not applicable with context, expiry, and audit trail. This will help compliance stay strong without repeatedly re-litigating the same issue. Prioritization would improve if findings were mapped to likelihood and impact and enriched with repository and runtime context. For example, it should only fail builds on truly high-confidence, high-severity issues.
For how long have I used the solution?
We have used the solution for half a year.
Which solution did I use previously and why did I switch?
We did not use any previous solutions.
What's my experience with pricing, setup cost, and licensing?
It is advisable to get a few quotes and compare apples-to-apples across what is included, such as audit support, number of frameworks, integrations, vendor risk, continuous monitoring, etc. Pricing varies a lot based on bundles and company stage, so it is worth negotiating and choosing based on total cost-to-compliance, which includes time and internal effort, not just the list price.
Which other solutions did I evaluate?
We evaluated Vanta. For our stage, it was meaningfully more expensive, felt less integrated with the parts of our stack we cared about day-to-day, and the overall support experience was less responsive and helpful. Delve got us to third-party verified compliance faster with more hands-on guidance and automation that actually matched how our engineering team works.
What other advice do I have?
We have really appreciated the customer support. Response times are fast, answers are high quality, and the team is genuinely helpful when we run into edge cases.
Automated evidence collection has simplified our SOC 2 audits and improves cross‑team visibility
What is our primary use case?
Our primary use case is achieving and maintaining SOC 2 compliance with minimal manual overhead. We use Delve to centralize evidence collection, manage controls, and stay audit-ready as the organization scales.
How has it helped my organization?
Delve significantly reduced the time and effort required to prepare for SOC 2 audits. The automated evidence collection and clear control mapping helped us move faster, stay organized, and avoid last-minute audit stress. It also improved visibility across teams into compliance status.
What is most valuable?
Automated evidence collection saves time and reduces human error. Clear SOC 2 control mapping makes it easy to understand what’s required and why. Audit readiness tracking helps ensure nothing falls through the cracks.
What needs improvement?
I believe expanded integrations with additional security and DevOps tools would be beneficial.
For how long have I used the solution?
I have used the solution for 1 year.
Which solution did I use previously and why did I switch?
We previously relied more on manual processes. We switched to Delve to reduce operational burden, improve accuracy, and have a more scalable compliance solution.
What's my experience with pricing, setup cost, and licensing?
Delve is fairly priced for the value it provides. When you factor in time saved, reduced audit friction, and lower internal effort, the ROI is strong.
Which other solutions did I evaluate?
What other advice do I have?
I do not have any additional advice.
GitHub checks have improved security reviews but still find inconsistent issue quality
What is our primary use case?
I use this solution for GitHub CI checks.
How has it helped my organization?
It helps flag any security issues before merging PRs.
What is most valuable?
A valuable feature is its ability to flag any security issues before merging PRs.
What needs improvement?
There is room for improvement in the quality of issues found.
For how long have I used the solution?
I have been using this solution for one month.
Which solution did I use previously and why did I switch?
I did not use any previous solutions.
What's my experience with pricing, setup cost, and licensing?
There are no setup costs.
What other advice do I have?
I have no other advice.
Compliance support has accelerated certification progress and builds stronger customer trust
What is our primary use case?
Delve is helping Dimension achieve SOC2 Compliance and GDPR certifications for our platform in order to build trust with our customers. Additionally, they are assisting us with CASA Tier 2 verification.
How has it helped my organization?
Delve has been extremely helpful in accelerating our SOC2 and GDPR compliance process. We have also successfully attained CASA Tier 2 verification thanks to their help and rapid verification.
What is most valuable?
Delve answers any questions within hours. They have a highly professional and qualified team that is supportive and moves fast.
What needs improvement?
I believe there could be a deeper integration of AI to accomplish even more compliance steps.
For how long have I used the solution?
I have been using the solution for 5 months.
Which solution did I use previously and why did I switch?
This is our first time using a compliance solution.
What's my experience with pricing, setup cost, and licensing?
Delve is one of the most pricing-friendly companies to use, especially considering the incredible support I receive and the fantastic product.
Which other solutions did I evaluate?
What other advice do I have?
Overall, I had a fantastic experience with Delve, and I would highly recommend them.
showing 1 - 7