Ask HN: What to do with a hosting provider whose SOC II report has lapsed?

1 points by cl0rkster ↗ HN
My company currently hosts our production hardware with a large datacenter that acts as our managed hosting provider. It was previously a smaller and much more responsive company that was bought out by a larger brand. Since the transition to the larger brand, we've had numerous issues, but the most nagging has been that they initially didn't have a clean SOC II report in their first year after the takeover. This year, they failed to even get their SOC II audit done at all. My company hosts sensitive data for many of our clients and these clients rely on the fact that our hosting provider has a SOC II audit that is clean and up-to-date. When we contacted the hosting provider about the lapse, we quickly discovered that a lapsed SOC II report is not a breach of contract and we have little to no recourse to take other than to leave and accept penalties for breaking our contract. Obviously we will have a clean SOC II report as a condition written into any future data center contracts. Has anyone experienced a similar situation and had any luck in attaining a favorable resolution?

0 comments

[ 3.4 ms ] story [ 8.0 ms ] thread

No comments yet.