
SOC 2 compliant. Tells you exactly how useful SOC compliance is.



Broadly speaking, being SOC 2 "compliant" isn't really a thing. They just had a SOC 2 audit done; you have to read the report to discover how "compliant" they are.

SOC 2 is useful as setting a baseline for how a business and IT org should be run, assuming it's followed...


Auditors don't get paid to fail their customers ;) I think many people would be surprised just how... accommodating the process can be.


All SOC tells you is that there is a process being (mostly) followed. Always review the reports for your vendors and follow up on any findings or gaps that show up.

It's surprisingly common for places to be SOC compliant, yet their latest report has half a dozen or more gaps/findings.


An artificial barrier to entry. What a racket.



