Why Ark Chose Drata as the Guide to SOC 2 Success
Ark is an operating platform for private equity and venture capital funds and administrators built from the ground up to be secure, scalable, and seamless. Our mission is to become a one-stop shop for fund administrators and investors to access their information, tax documentation, provide fund administration services, and more, all within a modern, secure, dynamic platform.
Why SOC 2
As Ark expands its customer base and starts servicing ever more sophisticated clients, the platform faces higher demands and requirements surrounding data security and privacy. For us, investing in security isn’t just something we do as a band-aid afterthought; it’s a significant driver in our conversations with clients and prospects who need to know their funds’ and investors’ data is protected. SOC 2 compliance is yet another step along the path of our security program, where “the journey is the destination” as we continuously refine and improve.
Even though the team at Ark had significant experience with other compliance frameworks, SOC 2 was relatively new and would require material pre-audit research and alignment. We could resolve this knowledge gap through a brute force/hard work approach, risking unexpected delays, mistakes and resource overruns, or look for an alternative way to streamline our SOC 2 efforts. In Drata we found a partner that uses a highly automated SOC 2 monitoring framework to not only streamline our efforts, but provide an efficient path to compliance all but eliminating the barrier to entry.
The platform empowered us to become SOC 2 experts while – not before – embarking on the journey, saving valuable time and resources.
As a cloud-native platform, migrating to Drata makes compliance automation a no-brainer. We knew we could start on the SOC 2 journey right away because Drata’s templates served as helpful guardrails that were already in place. Using Drata’s automated continuous monitoring provides peace of mind knowing we’ll be notified if we fall out of compliance and need to amend a control quickly.
Drata greatly reduced the barrier to entry and really simplified the SOC 2 process; they saved us at least 50% of time just in getting started. Their ecosystem of integrations and auditor community also streamlined and automated the overall experience. It’s much easier working with service providers and auditors who are familiar with and integrated into the Drata platform, as you can granularly grant them access to policies and controls. We continue to drive efficiencies and cost savings through a vendor management optimization review process that re-evaluates our existing providers against alternatives that are pre-integrated into the Drata platform.
We’re continuing to enhance our platform with new features that drive scalability for new and existing customers. Ark has started the SOC 2 Type 2 process and is considering other security and privacy frameworks to highlight our commitment and further stand out from our competitors. At Ark, security and privacy are baked into the product from the very beginning, not sprinkled on top afterwards. Leveraging third party audits and compliance frameworks (especially ones that utilize continuous monitoring), assures our customers their data and their customer’s data is in safe hands.