Wanja

@donaldball @calamari I don't know SOC2 that well but I do work on critical infrastructure that is certified (with 0 findings!) to a similar German standard despite not using any of these scary products.

Yes you need to explain to your auditor how you intend to meet your security objectives despite not having bought the proprietary appliance that claims to magically make you do that. But you'll manage.

Wanja

@donaldball @calamari "If you don't buy XYZ you'll surely fail your audit" is repeated across the industry as a truism but barely ever put to the test.

Steffen Weinreich

@muvlon @donaldball @calamari "it ticks a box". As long as it is easier to deploy software which ticks a box than to discuss with your auditor each and every year why you insist on doing it yourself, we will see incidents like this today 🤷

Tariq

@muvlon @donaldball @calamari

The same lazy and incompetent mindset that means 90% of industry is on Windows*.

* Hampering the development of "effectively read-only stateless clients", for example.

pebcak

@muvlon @donaldball @calamari Exactly. You can work with the regulatory entities & auditors, but you have to know what you do.
