How Ripl achieved SOC 2 compliance while spending 1/3 of the expected effort

Ripl is an online tool for design, publishing, and social media management. It enables brands and businesses to create branded posts, run targeted video ads, and track social performance. By managing their brand presence on all social platforms from one place, businesses can save time and effort. Ripl is available on all three operating systems: Android, iOS, and as a web app.

soc2 logo

SOC 2 Type 2

USA

25 days

Time to achieve SOC 2 readiness

14 days

Time to complete SOC 2 Type 2 audit post-surveillance

10 min/week

Time spent overseeing compliance

Ready to get started?
Challenge

Because Ripl works with social media platforms like Facebook, Instagram, Twitter, and Youtube, data security and privacy are top priorities. They must exercise due diligence to protect sensitive information and prove best practices.

Every year, Facebook’s security auditors review Ripl’s systems for regular due diligence. These auditors examine system evidence against information in the database. This process, while important, demands significant man-hours from Ripl’s team, though it does not directly contribute to its bottom line.

Over the course of many such audits, Ripl realized a SOC 2 Type 2 audit report would make auditor reviews easy, even if it would not fully eliminate such audits.

In addition to helping them become SOC 2 compliant, Ripl sought a security compliance solution that would make security audits a ‘low-effort’ activity and also help them prepare for audits without spending much time.

Ripl explored two approaches to solve this need:

  • Use an auditor/consultant to run everything manually
  • Get compliant using a compliance automation tool

Ripl chose to problem-solve their challenge using technology, not consultants. Using a tool like Sprinto would allow them to avoid spending time coordinating with a consultant and let the technology handle the work for most parts.

Ripl chose Sprinto to simplify and automate their SOC 2 compliance process. The platform ticked all of the ‘right boxes’ for Ripl, including quality, depth of expertise, low effort, and affordability.

Solution

Following an integrated risk assessment and control mapping, Ripl integrated Sprinto with its systems and infrastructure to run automated checks on key SOC 2 controls mapped to 3 Trust Service Criteria(TSC).

Chiefly, Sprinto’s real-time dashboard made compliance tasks visible and pointed a direction forward. Sprinto’s compliance experts worked closely with Ripl to break down large tasks into actionable steps, helping Ripl navigate compliance in a structured and prioritized manner. efficiently with negligible time loss outside of the designed steps.

Over time-bound sessions with our CSM, we tackled all compliance requirements step by step. The schedule of activities was always predictable. Of course, there was some homework, but I always knew exactly what needed to be done and by when. It was all very straightforward.

Results

Using Sprinto, Ripl achieved SOC 2 compliance readiness in 25 days—one-third of the estimated 75 days. 120 days of monitoring later, Ripl moved to SOC 2 Type 2 audit and completed it within 14 days.

SOC 2 workflow automation along with guidance from Sprinto’s compliance experts helped make the process clear, straightforward, and predictable. Like stepping stones, Sprinto’s tailored implementation program helped Ripl gradually achieve compliance without disrupting daily operations.

Additionally, Sprinto’s guided help and coordination with auditors reduced confusion in auditor discussions.

Sprinto made audits pleasurable!

In a major win, Ripl has noticed that Sprinto’s compliance automation and continuous monitoring capabilities have eliminated the need for ‘rework’ every year. “We only need to spend 5-10 minutes a week on compliance now,” notes Rodney Olsen, VP of Engineering at Ripl.