{"id":1031,"date":"2021-10-26T19:27:24","date_gmt":"2021-10-26T19:27:24","guid":{"rendered":"http:\/\/box5442.temp.domains\/~arpioio\/?p=1031"},"modified":"2021-11-23T16:54:05","modified_gmt":"2021-11-23T16:54:05","slug":"soc-compliance-for-saas-in-10-policies","status":"publish","type":"post","link":"https:\/\/arpio.io\/staging\/8013\/soc-compliance-for-saas-in-10-policies\/","title":{"rendered":"SOC Compliance for SaaS in 10 Policies"},"content":{"rendered":"<body>\n<p>After dreading it for ages, we embarked on our SOC 2 compliance journey a few weeks ago. In this blog series we want to take you through the work we\u2019re doing as a small SaaS company to achieve certification.<\/p>\n\n\n\n<p>You can find lots of Google results for SOC 2 compliance that explain the differences between Type 1 and Type 2, but we really struggled to understand the <em>actual<\/em> <em>work<\/em> we\u2019d have to do. Our hope is that these posts might answer that same question for you.<\/p>\n\n\n\n<p>We partnered with <a href=\"https:\/\/heylaika.com\/\">Laika<\/a> for our SOC 2, and they gave us 10 draft policies we\u2019d need to adopt. In this series, we\u2019ll take these policies one at a time, illuminate what they say, and detail our actions to get compliant. 
For more background on the SOC 2 process, you can watch our SOC 2 webinar video <a href=\"https:\/\/arpio.io\/staging\/8013\/soc-2-compliance-can-it-be-done-in-6-weeks\/\">here<\/a>.<\/p>\n\n\n\n<p>Here\u2019s the full list of policies we had to implement for our SOC 2 compliance.<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Information Security Policy<\/li><li>Business Continuity and Disaster Recovery Plan<\/li><li>Compliance and Risk Management Policy<\/li><li>Configuration and Change Management Policy<\/li><li>Data Protection and Handling Policy<\/li><li>Employee Handbook<\/li><li>Hiring Policy<\/li><li>Incident Response Policy<\/li><li>Privacy Notice Policy<\/li><li>Supplier Risk Management Policy<\/li><\/ol>\n\n\n\n<p>The key point to understand is that certification is about verifying that what you said you\u2019d be doing in your policies is what you\u2019re actually doing. You get to customize your policies to match the way you want to work, as long as it achieves the objectives of SOC 2. Keep that in mind as you\u2019re reading these posts and considering your own SOC 2 journey. It\u2019s all about right-sizing your process.<\/p>\n<\/body>","protected":false},"excerpt":{"rendered":"<p>After dreading it for ages, we embarked on our SOC 2 compliance journey a few weeks ago. 
In this blog series we want to take you through the work we\u2019re&#8230;<\/p>\n","protected":false},"author":1,"featured_media":1155,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"nf_dc_page":"","content-type":"","inline_featured_image":false,"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1031","post","type-post","status-publish","format-standard","has-post-thumbnail","category-blog"]}