Why Ark Chose Drata as the Guide to SOC 2 Success

A case of how Drata simplifies and accelerates the path to compliance
ABOUT Ark
Ark is an operating platform for private equity and venture capital funds and administrators built from the ground up to be secure, scalable, and seamless. Our mission is to become a one-stop shop for fund administrators and investors to access their information, tax documentation, provide fund administration services, and more, all within a modern, secure, dynamic platform.
Website
Location
Boston & San Francisco
INDUSTRY
FinTech
SOCIAL

Why SOC 2

As Ark expands its customer base and starts servicing ever more sophisticated clients, the platform faces higher demands and requirements surrounding data security and privacy. For us, investing in security isn’t just something we do as a band-aid afterthought; it’s a significant driver in our conversations with clients and prospects who need to know their funds’ and investors’ data is protected. SOC 2 compliance is yet another step along the path of our security program, where “the journey is the destination” as we continuously refine and improve.

The Challenge

Even though the team at Ark had significant experience with other compliance frameworks, SOC 2 was relatively new and would require material pre-audit research and alignment. We could resolve this knowledge gap through a brute force/hard work approach, risking unexpected delays, mistakes and resource overruns, or look for an alternative way to streamline our SOC 2 efforts. In Drata we found a partner that uses a highly automated SOC 2 monitoring framework to not only streamline our efforts, but provide an efficient path to compliance all but eliminating the barrier to entry.

The platform empowered us to become SOC 2 experts while – not before – embarking on the journey, saving valuable time and resources.

Why Drata

As a cloud-native platform, migrating to Drata makes compliance automation a no-brainer. We knew we could start on the SOC 2 journey right away because Drata’s templates served as helpful guardrails that were already in place. Using Drata’s automated continuous monitoring provides peace of mind knowing we’ll be notified if we fall out of compliance and need to amend a control quickly.

ROI

Drata greatly reduced the barrier to entry and really simplified the SOC 2 process; they saved us at least 50% of time just in getting started. Their ecosystem of integrations and auditor community also streamlined and automated the overall experience. It’s much easier working with service providers and auditors who are familiar with and integrated into the Drata platform, as you can granularly grant them access to policies and controls. We continue to drive efficiencies and cost savings through a vendor management optimization review process that re-evaluates our existing providers against alternatives that are pre-integrated into the Drata platform.

What’s Next?

We’re continuing to enhance our platform with new features that drive scalability for new and existing customers. Ark has started the SOC 2 Type 2 process and is considering other security and privacy frameworks to highlight our commitment and further stand out from our competitors. At Ark, security and privacy are baked into the product from the very beginning, not sprinkled on top afterwards. Leveraging third party audits and compliance frameworks (especially ones that utilize continuous monitoring), assures our customers their data and their customer’s data is in safe hands.

Working with Drata on SOC 2 compliance has been smooth sailing from start to finish. Whenever questions arose, live-chat sessions with Drata’s outstanding support team solved items quickly and efficiently which was invaluable during the pre-audit phase. Automating the path to compliance has allowed us to enhance our overall security posture and show tangible proof to our customers that data security and privacy are always a top priority. Combining the Ark platform with Drata’s automation, integrations, and auditor partners proved a winning formula.

Michael J. Ellis, CISA, CISSP, CDPSE - CTO, Ark

Subscribe & receive the latest content.

Subscribe & receive the latest content.

PUT COMPLIANCE ON AUTOPILOT

Get Started Today

Close more sales and build trust faster while eliminating the hundreds of hours of manual work that used to go into maintaining your SOC 2 report and ISO 27001 certification.

JOIN THE 1,000+ COMPANIES THAT TRUST DRATA
Trusted by the best: