Ask HN: What's the cheapest way to become SOC2 compliant for a pre-seed startup?
We are building a Sales and Marketing startup. We need to connect to CRM and other data sources. So we need SOC2 compliancy. But it looks like SOC2 is very expensive like $10K to 25K for Type-1. Are there any cheaper ways to get this done?
9 comments
[ 3.6 ms ] story [ 39.6 ms ] threadThat said, I'd suggest that ~20k isn't nuts for an auditor to walk you through the process bits, and is likely the cheap part. You're almost certainly going to lose more money in IC hours that your staff spend dealing with your first round of evidence collection than the 20k.
So become compliant and put the label on your website. Don't get an audit.
With any customers when asked always mention that you have followed all the procedures and are waiting for an audit.
- https://news.ycombinator.com/item?id=22559786
- https://www.latacora.com/blog/2020/03/12/the-soc-starting/