L-B.

The user

Compliance managers oversee organization personnel to ensure their individual compliance through means such as signing policies and maintaining device security. When personnel experience extenuating circumstances, managers must manually exclude the personnel from corresponding tests so that organization’s overall compliance will remain unaffected. This is both difficult and tedious to track.

The role

Having recently joined Drata, I embarked on simultaneously learning about the overall product as well as the specific personnel-related features. I paired extensively with not only my PM but also our content designer to better understand industry and product-specific nomenclature so I could best empathize with the user.

Discovery

First, my PM and I collected and analyzed insights from Productboard to gauge customer demand and specific use cases. Then we identified the bounds of the problem space including what was out of scope and potential risks to other product areas. Finally, we were able to form these into a problem statement that we shared with the rest of our domain to gather initial feedback (both product and engineering).

User journey

We then mapped the use cases and their entry points against the current experience to identify existing shortcomings. By finding the dead ends, we were able to better consider the overall information architecture and where new data and capabilities would best fit.

We also further separated the v1 features from future release features to ensure the engineering and design could be set up to accommodate for both.

Challenging the landscape

The personnel table was a fairly untouched area of the app that was already older, crammed with icons and input fields that couldn’t even fit into a standard viewport width. I did briefly explore fitting exclusions as another filter on the table, but the hierarchy felt skewed because exclusions act as a status against other metadata, making it difficult to sort or toggle.

Over-engineering

I also started working on basic wireframes that were more formula-driven, with inspiration from products like amplitude, but I quickly realized after sharing with my team that this was overly complex for the majority use case (excluding future hire personnel)

Internal research

Drata’s compliance team uses many features of Drata to manage compliance, including the personnel page. By user testing and walking through the new exclusion feature with them, I was able to gauge if our mental models matched up with their needs and pivot where appropriate.

Compromising

In between minimal changes and brand-new components and flows, I was able to weigh user needs and familiarity with the rest of the app’s componentry and flows. I explored showcasing existing exclusions using different patterns such as standalone tables and tables underneath tabs.

Creation flow and overlays

For exclusion creation, I had to consider existing entry points (full page, drawer, modal) and how a user would be able to most seamlessly travel in and out of the creation flow. I tried out full-page stepped forms, modals, and drawers.

Minimal tables

After several iterations and revisions based on wider org and engineering team feedback, I settled on a separate tab and table specifically for exclusions, so that the user can primarily focus on the majority of personnel compliance through the main table while still having the option to manage exclusions as a whole elsewhere.

Individual-level exclusions can also be accessed via the personnel details drawer, where the user can view further information about each aspect of the personnel’s compliance.

Refreshing form inputs

The exclusion creation and editing experience is accessible via drawer to keep the amount of page-level element layering at a maximum of two. This also aligns with how table row information is accessed via drawer, and also is interchangeable with the personnel detail drawer if need be (as a secondary layer of the drawer).

Key takeaways

Maintaining open options and trying different approaches early on gave me more time to get up to speed with the design system and patterns, and to observe commonalities with other areas of the app. This way, the amount of reduplicated or thrown away engineering work was kept to a minimum.

Future status

By maintaining open channels of communication with customers, we were able to implement fast follows such as aggregating upcoming exclusion warning emails. We could also track the ratios of group to individual exclusions in order to better understand how broadly they’re applied and if we were abiding by our automation principle.