{"id":1444,"date":"2021-12-28T15:31:03","date_gmt":"2021-12-28T15:31:03","guid":{"rendered":"http:\/\/box5442.temp.domains\/~arpioio\/business-continuity-and-disaster-recovery-2\/"},"modified":"2022-04-21T18:25:47","modified_gmt":"2022-04-21T18:25:47","slug":"arpio-compliance-and-risk-management","status":"publish","type":"post","link":"https:\/\/arpio.io\/staging\/8013\/arpio-compliance-and-risk-management\/","title":{"rendered":"Compliance and Risk Management: The Arpio SOC 2 Certification Journey"},"content":{"rendered":"<body>\r\n<p>After kicking the can down the road for as long as we could stand, we decided that Arpio should pursue SOC 2 compliance in 2021. And while there are plenty of Google results that explain the basic differences between SOC 2 Type 1 and Type 2, we really struggled to understand the <em>actual<\/em> <em>work<\/em> this journey would entail.<\/p>\r\n\r\n\r\n\r\n<p>This blog series intends to capture the work required of us (an early growth stage SaaS company) to achieve SOC 2 certification. Our hope is that these posts might give you the insight we failed to find online.<\/p>\r\n\r\n\r\n\r\n<p>Once we committed to this journey, we partnered with <a href=\"https:\/\/heylaika.com\/\">Laika<\/a>, who provided the 10 policies we\u2019d need to customize and adopt.\u00a0 We\u2019re looking at these policies 1-by-1 in this series, and this post is about the 3rd policy: <strong><em>compliance and risk management<\/em><\/strong>.\u00a0<\/p>\r\n\r\n\r\n\r\n<p>The compliance and risk management policy is all about ensuring that we\u2019re taking compliance seriously.\u00a0 It identifies a risk &amp; compliance officer (our CEO) who monitors the company\u2019s adherence to its compliance obligations. It stipulates that senior employees will be held accountable for supporting the compliance mission. It mandates compliance training for all employees. 
It establishes the feedback mechanisms by which employees can report breaches of compliance without fear of penalty.<\/p>\r\n\r\n\r\n\r\n<p>This was 100% new to us. Thankfully, in addition to the policy itself (which we tweaked), Laika provided us with the training modules and the documentation processes to capture and measure compliance.<\/p>\r\n\r\n\r\n\r\n<p>Additionally, as a company we have adopted a quarterly compliance day activity where we convene our entire team to review our compliance and complete periodic activities like BCDR testing and system access review. Through this process, everybody is frequently reminded of the importance of compliance, and we have an opportunity to identify any non-compliance and remediate it. We have a standard agenda for this compliance day activity that ensures all of our practices are being reviewed and followed. We held our first compliance day a couple of weeks back, and I dare say we enjoyed it. Tackling compliance together as a team activity was kind of a bonding event.<\/p>\r\n\r\n\r\n\r\n<p>As we stated at the <a href=\"https:\/\/arpio.io\/staging\/8013\/soc-compliance-for-saas-in-10-policies\/\">outset<\/a> of this series, \u201cThe key point to understand is that certification is about verifying that what you said you\u2019d be doing in your policies is what you\u2019re actually doing. You get to customize your policies to match the way you want to work, as long as it achieves the objectives of SOC 2.\u00a0 Keep that in mind as you\u2019re reading these posts, and considering your own SOC 2 journey.\u00a0 It\u2019s all about right-sizing your process.\u201d<\/p>\r\n<\/body>","protected":false},"excerpt":{"rendered":"<p>After kicking the can down the road for as long as we could stand, we decided that Arpio should pursue SOC 2 compliance in 2021. 
And while there are plenty&#8230;<\/p>\n","protected":false},"author":4,"featured_media":1445,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"nf_dc_page":"","content-type":"","inline_featured_image":false,"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1444","post","type-post","status-publish","format-standard","has-post-thumbnail","category-blog"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Compliance and Risk Management: Arpio SOC 2 Certification Journey<\/title>\n<meta name=\"description\" content=\"This post is the third installment in our series on achieving SOC-2, where we discuss the 3rd policy: compliance and risk management.\u00a0\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/arpio.io\/arpio-compliance-and-risk-management\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Compliance and Risk Management: Arpio SOC 2 Certification Journey\" \/>\n<meta property=\"og:description\" content=\"This post is the third installment in our series on achieving SOC-2, where we discuss the 3rd policy: compliance and risk management.\u00a0\" \/>\n<meta property=\"og:url\" content=\"https:\/\/arpio.io\/arpio-compliance-and-risk-management\/\" \/>\n<meta property=\"og:site_name\" content=\"Arpio Disaster Recovery Made Easy\" \/>\n<meta property=\"article:published_time\" content=\"2021-12-28T15:31:03+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-04-21T18:25:47+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/arpio.io\/wp-content\/uploads\/2021\/12\/Untitled-2520-x-1520-px.png\" \/>\n\t<meta property=\"og:image:width\" content=\"2520\" \/>\n\t<meta 
property=\"og:image:height\" content=\"1520\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Doug\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Doug\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/arpio.io\/arpio-compliance-and-risk-management\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/arpio.io\/arpio-compliance-and-risk-management\/\"},\"author\":{\"name\":\"Doug\",\"@id\":\"https:\/\/arpio.io\/staging\/8013\/#\/schema\/person\/5c7dd11a2bcc5b1eb202c473873a8c42\"},\"headline\":\"Compliance and Risk Management: The Arpio SOC 2 Certification Journey\",\"datePublished\":\"2021-12-28T15:31:03+00:00\",\"dateModified\":\"2022-04-21T18:25:47+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/arpio.io\/arpio-compliance-and-risk-management\/\"},\"wordCount\":438,\"image\":{\"@id\":\"https:\/\/arpio.io\/arpio-compliance-and-risk-management\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/arpio.io\/staging\/8013\/wp-content\/uploads\/2021\/12\/Untitled-2520-x-1520-px-e1659733424278.png\",\"articleSection\":[\"Blog\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/arpio.io\/arpio-compliance-and-risk-management\/\",\"url\":\"https:\/\/arpio.io\/arpio-compliance-and-risk-management\/\",\"name\":\"Compliance and Risk Management: Arpio SOC 2 Certification 
Journey\",\"isPartOf\":{\"@id\":\"https:\/\/arpio.io\/staging\/8013\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/arpio.io\/arpio-compliance-and-risk-management\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/arpio.io\/arpio-compliance-and-risk-management\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/arpio.io\/staging\/8013\/wp-content\/uploads\/2021\/12\/Untitled-2520-x-1520-px-e1659733424278.png\",\"datePublished\":\"2021-12-28T15:31:03+00:00\",\"dateModified\":\"2022-04-21T18:25:47+00:00\",\"author\":{\"@id\":\"https:\/\/arpio.io\/staging\/8013\/#\/schema\/person\/5c7dd11a2bcc5b1eb202c473873a8c42\"},\"description\":\"This post is the third installment in our series on achieving SOC-2, where we discuss the 3rd policy: compliance and risk management.\u00a0\",\"breadcrumb\":{\"@id\":\"https:\/\/arpio.io\/arpio-compliance-and-risk-management\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/arpio.io\/arpio-compliance-and-risk-management\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/arpio.io\/arpio-compliance-and-risk-management\/#primaryimage\",\"url\":\"https:\/\/arpio.io\/staging\/8013\/wp-content\/uploads\/2021\/12\/Untitled-2520-x-1520-px-e1659733424278.png\",\"contentUrl\":\"https:\/\/arpio.io\/staging\/8013\/wp-content\/uploads\/2021\/12\/Untitled-2520-x-1520-px-e1659733424278.png\",\"width\":960,\"height\":579},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/arpio.io\/arpio-compliance-and-risk-management\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/arpio.io\/staging\/8013\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Compliance and Risk Management: The Arpio SOC 2 Certification Journey\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/arpio.io\/staging\/8013\/#website\",\"url\":\"https:\/\/arpio.io\/staging\/8013\/\",\"name\":\"Arpio Disaster Recovery Made 
Easy\",\"description\":\"AWS Disaster Recovery\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/arpio.io\/staging\/8013\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/arpio.io\/staging\/8013\/#\/schema\/person\/5c7dd11a2bcc5b1eb202c473873a8c42\",\"name\":\"Doug\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/arpio.io\/staging\/8013\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/98d763d738bde480338f289de28be30208ce6fbcdb2e370e4e94dd5e5ec5ffb5?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/98d763d738bde480338f289de28be30208ce6fbcdb2e370e4e94dd5e5ec5ffb5?s=96&d=mm&r=g\",\"caption\":\"Doug\"},\"url\":\"https:\/\/arpio.io\/staging\/8013\/author\/doug\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Compliance and Risk Management: Arpio SOC 2 Certification Journey","description":"This post is the third installment in our series on achieving SOC-2, where we discuss the 3rd policy: compliance and risk management.\u00a0","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/arpio.io\/arpio-compliance-and-risk-management\/","og_locale":"en_US","og_type":"article","og_title":"Compliance and Risk Management: Arpio SOC 2 Certification Journey","og_description":"This post is the third installment in our series on achieving SOC-2, where we discuss the 3rd policy: compliance and risk management.\u00a0","og_url":"https:\/\/arpio.io\/arpio-compliance-and-risk-management\/","og_site_name":"Arpio Disaster Recovery Made Easy","article_published_time":"2021-12-28T15:31:03+00:00","article_modified_time":"2022-04-21T18:25:47+00:00","og_image":[{"width":2520,"height":1520,"url":"https:\/\/arpio.io\/wp-content\/uploads\/2021\/12\/Untitled-2520-x-1520-px.png","type":"image\/png"}],"author":"Doug","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Doug","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/arpio.io\/arpio-compliance-and-risk-management\/#article","isPartOf":{"@id":"https:\/\/arpio.io\/arpio-compliance-and-risk-management\/"},"author":{"name":"Doug","@id":"https:\/\/arpio.io\/staging\/8013\/#\/schema\/person\/5c7dd11a2bcc5b1eb202c473873a8c42"},"headline":"Compliance and Risk Management: The Arpio SOC 2 Certification Journey","datePublished":"2021-12-28T15:31:03+00:00","dateModified":"2022-04-21T18:25:47+00:00","mainEntityOfPage":{"@id":"https:\/\/arpio.io\/arpio-compliance-and-risk-management\/"},"wordCount":438,"image":{"@id":"https:\/\/arpio.io\/arpio-compliance-and-risk-management\/#primaryimage"},"thumbnailUrl":"https:\/\/arpio.io\/staging\/8013\/wp-content\/uploads\/2021\/12\/Untitled-2520-x-1520-px-e1659733424278.png","articleSection":["Blog"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/arpio.io\/arpio-compliance-and-risk-management\/","url":"https:\/\/arpio.io\/arpio-compliance-and-risk-management\/","name":"Compliance and Risk Management: Arpio SOC 2 Certification Journey","isPartOf":{"@id":"https:\/\/arpio.io\/staging\/8013\/#website"},"primaryImageOfPage":{"@id":"https:\/\/arpio.io\/arpio-compliance-and-risk-management\/#primaryimage"},"image":{"@id":"https:\/\/arpio.io\/arpio-compliance-and-risk-management\/#primaryimage"},"thumbnailUrl":"https:\/\/arpio.io\/staging\/8013\/wp-content\/uploads\/2021\/12\/Untitled-2520-x-1520-px-e1659733424278.png","datePublished":"2021-12-28T15:31:03+00:00","dateModified":"2022-04-21T18:25:47+00:00","author":{"@id":"https:\/\/arpio.io\/staging\/8013\/#\/schema\/person\/5c7dd11a2bcc5b1eb202c473873a8c42"},"description":"This post is the third installment in our series on achieving SOC-2, where we discuss the 3rd policy: compliance and risk 
management.\u00a0","breadcrumb":{"@id":"https:\/\/arpio.io\/arpio-compliance-and-risk-management\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/arpio.io\/arpio-compliance-and-risk-management\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/arpio.io\/arpio-compliance-and-risk-management\/#primaryimage","url":"https:\/\/arpio.io\/staging\/8013\/wp-content\/uploads\/2021\/12\/Untitled-2520-x-1520-px-e1659733424278.png","contentUrl":"https:\/\/arpio.io\/staging\/8013\/wp-content\/uploads\/2021\/12\/Untitled-2520-x-1520-px-e1659733424278.png","width":960,"height":579},{"@type":"BreadcrumbList","@id":"https:\/\/arpio.io\/arpio-compliance-and-risk-management\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/arpio.io\/staging\/8013\/"},{"@type":"ListItem","position":2,"name":"Compliance and Risk Management: The Arpio SOC 2 Certification Journey"}]},{"@type":"WebSite","@id":"https:\/\/arpio.io\/staging\/8013\/#website","url":"https:\/\/arpio.io\/staging\/8013\/","name":"Arpio Disaster Recovery Made Easy","description":"AWS Disaster 
Recovery","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/arpio.io\/staging\/8013\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/arpio.io\/staging\/8013\/#\/schema\/person\/5c7dd11a2bcc5b1eb202c473873a8c42","name":"Doug","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/arpio.io\/staging\/8013\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/98d763d738bde480338f289de28be30208ce6fbcdb2e370e4e94dd5e5ec5ffb5?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/98d763d738bde480338f289de28be30208ce6fbcdb2e370e4e94dd5e5ec5ffb5?s=96&d=mm&r=g","caption":"Doug"},"url":"https:\/\/arpio.io\/staging\/8013\/author\/doug\/"}]}},"_links":{"self":[{"href":"https:\/\/arpio.io\/staging\/8013\/wp-json\/wp\/v2\/posts\/1444","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/arpio.io\/staging\/8013\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/arpio.io\/staging\/8013\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/arpio.io\/staging\/8013\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/arpio.io\/staging\/8013\/wp-json\/wp\/v2\/comments?post=1444"}],"version-history":[{"count":0,"href":"https:\/\/arpio.io\/staging\/8013\/wp-json\/wp\/v2\/posts\/1444\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/arpio.io\/staging\/8013\/wp-json\/wp\/v2\/media\/1445"}],"wp:attachment":[{"href":"https:\/\/arpio.io\/staging\/8013\/wp-json\/wp\/v2\/media?parent=1444"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/arpio.io\/staging\/8013\/wp-json\/wp\/v2\/categories?post=1444"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/arpio.io\/staging\/8013\/wp-json\/wp\/v2\/tags?post=1444"}],"curies":[{"name":"wp","href":
"https:\/\/api.w.org\/{rel}","templated":true}]}}