It feels like I'm screaming into the void, but compliance work is bad is because people make it so. Willfully paying for a service that offers SOC 2 reports at 1/5th the usual rate and delivers them in days instead of…
Doesn't seem like a problem with SOC 2 compliance, seems like a problem where a company appointed someone who is not suited to handle a SOC 2 project. As for the pre-filled stuff, that's what other SOC 2 companies mean…
Same people that thinks they can build an Uber/Lyft/Instagram competitor by themselves over the weekend.
As the Americans learned so painfully in Earth's final century, free flow of information is the only safeguard against tyranny. The once-chained people whose leaders at last lose their grip on information flow will soon…
The source being a tweet from clear right wing nutcase. Not gonna waste my time looking through his tweets to learn that he thinks there are "election fraud" in AZ. I'm not a labor economist and know nothing about job…
I don't deny that there are certainly companies that act in bad faith (say one thing in their SOC 2, but do another), but I don't consider it to be a fault of the SOC 2 process. Just bad companies. I wouldn't be…
I love it when nothing is documented and every process exists in someone's head.
Actually, the easiest thing is to find a better auditor. A SOC audit isn't like an IRS audit, you actually pay them to come in and audit. Not all are created equal and sometimes you get what you pay for.
I don't understand why people assume SOC 2 can cover every single possible scenario. Especially scenarios that have nothing to do with actual SOC 2 controls, but the result of lax security culture or bad actors. You can…
I'm trying hard to figure out what any of this has to do with SOC 2. Perhaps consider the phrase "Don't let perfect be the enemy of good". Okta had a shitty breach, but does that mean dropping SSO completely? What…
I think one thing that doesn't get covered enough is SOC 2's value in providing additional data for vendor security reviews. That poor CISO that have to work on SOC 2 is probably tasked with reviewing new vendors on a…
It feels like I'm screaming into the void, but compliance work is bad is because people make it so. Willfully paying for a service that offers SOC 2 reports at 1/5th the usual rate and delivers them in days instead of…
Doesn't seem like a problem with SOC 2 compliance, seems like a problem where a company appointed someone who is not suited to handle a SOC 2 project. As for the pre-filled stuff, that's what other SOC 2 companies mean…
Same people that thinks they can build an Uber/Lyft/Instagram competitor by themselves over the weekend.
As the Americans learned so painfully in Earth's final century, free flow of information is the only safeguard against tyranny. The once-chained people whose leaders at last lose their grip on information flow will soon…
The source being a tweet from clear right wing nutcase. Not gonna waste my time looking through his tweets to learn that he thinks there are "election fraud" in AZ. I'm not a labor economist and know nothing about job…
I don't deny that there are certainly companies that act in bad faith (say one thing in their SOC 2, but do another), but I don't consider it to be a fault of the SOC 2 process. Just bad companies. I wouldn't be…
I love it when nothing is documented and every process exists in someone's head.
Actually, the easiest thing is to find a better auditor. A SOC audit isn't like an IRS audit, you actually pay them to come in and audit. Not all are created equal and sometimes you get what you pay for.
I don't understand why people assume SOC 2 can cover every single possible scenario. Especially scenarios that have nothing to do with actual SOC 2 controls, but the result of lax security culture or bad actors. You can…
I'm trying hard to figure out what any of this has to do with SOC 2. Perhaps consider the phrase "Don't let perfect be the enemy of good". Okta had a shitty breach, but does that mean dropping SSO completely? What…
I think one thing that doesn't get covered enough is SOC 2's value in providing additional data for vendor security reviews. That poor CISO that have to work on SOC 2 is probably tasked with reviewing new vendors on a…