Delve - Fake Compliance as a Service - Part I

「 It mostly felt like a SOC 2 template pack with a thin SAAS platform wrapper where you simply adopt and sign all templated documents. No custom tailoring, no AI guidance, no real automation. Just pre-populated forms that required you to click “save” 」

https://substack.com/home/post/p-191342187

#ai #aihype #bubble #soc2 #gdpr

How Delve managed to falsely convince hundreds of customers they were compliant and then lied about it when exposed and called out

Love them or hate them, SOC 2 reports have become table stakes for SaaS deals. But the framework leaves the vendor in control of the system boundary and auditor selection, which means the reports vary drastically in rigor.

I wrote about what that structural gap means for vendors trying to build credible programs and buyers trying to evaluate them:

https://zeltser.com/soc2-checkbox-reality/

#cybersecurity #infosec #SOC2 #riskmanagement #TPRM

Understand the Reality of the SOC 2 Checkbox

SOC 2 standardized security reporting, but it left the vendor in control of the system boundary and auditor selection. Understanding that structural gap helps vendors and buyers get the most value from the framework.

Lenny Zeltser

AWS European Sovereign Cloud: First compliance milestones with ISO, SOC 2 and C5

With the availability of SOC 2 and C5 Type 1 reports as well as seven ISO certifications, Amazon Web Services establishes a verifiable foundation of trust for European companies and public authorities that work with sensitive data.

https://www.all-about-security.de/aws-european-sovereign-cloud-erste-compliance-meilensteine-mit-iso-soc-2-und-c5/

#aws #europa #soc #iso #soc2 #compliance

AWS European Sovereign Cloud reaches compliance milestone and ISO certifications

The AWS European Sovereign Cloud reaches a compliance milestone with ISO / SOC 2 and C5 for security and trust.

All About Security The online magazine on cybersecurity. Ransomware, phishing, IT security, network security, AI, threats, DDoS, Identity & Access, platform security

Man #Vanta is so bad...

Their Entra MFA enforcement check is horrible.
It only checks if a conditional access policy exists, and if it has 'MFA' in the builtinControls. If it does, it's a pass.

But it doesn't check...
- if any users are excluded from the policy
- if any groups are excluded
- if the policy covers all users even after exclusions (e.g. if the exclusions are service accounts for any reason)
- if the geoblocking is functional
- if any of the excluded users are privileged

Vanta is a tool designed to mislead auditors, presenting as a third-party authority with their 'trust center' and all the flashy shiny dashboards.

Yet the core is rotten.

I haven't been this insulted since I found out that #vanta has a barely functional risk API (was trying to sync our risk register from our internal repo... long story).

Just... I lack words.

#infosec #cybersec #grc #privacy #compliance #fintech #informationsecurity #audit #soc2
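
The gap the post above describes, as an added Python example (not Vanta's code and not part of the post): an existence-only MFA check next to one that reports exclusions, run over a constructed policy in the Microsoft Graph `conditionalAccessPolicy` shape. The policy contents, object IDs and the privileged-user set are assumptions; geoblocking is not covered, and the `state` check goes beyond the post's list.

```python
# Constructed sample policy in Microsoft Graph conditionalAccessPolicy shape.
SAMPLE_POLICIES = [{
    "displayName": "Require MFA (constructed sample)",
    "state": "enabled",
    "conditions": {"users": {
        "includeUsers": ["All"],
        "excludeUsers": ["user-breakglass", "user-admin-1"],
        "excludeGroups": ["group-svc-accounts"],
        "excludeRoles": [],
    }},
    "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
}]
# Assumption: privileged object IDs were resolved from role assignments elsewhere.
PRIVILEGED_USER_IDS = {"user-admin-1"}


def requires_mfa(policy):
    controls = (policy.get("grantControls") or {}).get("builtInControls") or []
    return "mfa" in [c.lower() for c in controls]


def naive_check(policies):
    """The check as the post describes it: an MFA policy exists, so pass."""
    return any(requires_mfa(p) for p in policies)


def coverage_findings(policy, privileged_ids):
    """Return the reasons an MFA policy does not cover every user."""
    findings = []
    users = (policy.get("conditions") or {}).get("users") or {}
    if policy.get("state") != "enabled":
        findings.append(f"state is {policy.get('state')!r}, not enforced")
    if "All" not in (users.get("includeUsers") or []):
        findings.append("includeUsers is not 'All'")
    for key in ("excludeUsers", "excludeGroups", "excludeRoles"):
        if users.get(key):
            findings.append(f"{key}: {sorted(users[key])}")
    excluded_priv = set(users.get("excludeUsers") or []) & set(privileged_ids)
    if excluded_priv:
        findings.append(f"privileged users excluded: {sorted(excluded_priv)}")
    return findings


def strict_check(policies, privileged_ids):
    """Pass only if some MFA policy has no coverage findings."""
    return any(requires_mfa(p) and not coverage_findings(p, privileged_ids)
               for p in policies)


if __name__ == "__main__":
    print("naive:", naive_check(SAMPLE_POLICIES))
    print("strict:", strict_check(SAMPLE_POLICIES, PRIVILEGED_USER_IDS))
    for finding in coverage_findings(SAMPLE_POLICIES[0], PRIVILEGED_USER_IDS):
        print(" -", finding)
```
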
#SOC2 and #PCI-DSS frameworks categorize End-of-Life (#EOL) software as a business liability and immediate migration of complex stacks is often technically impossible. Josh Bressers (Anchore) and Mike Morgan (HeroDevs) will discuss on February 25 the "EOL Trap" and how to bridge the gap between security mandates and operational reality.
Expect tech talk, demos and real world scenarios. Register today. https://go.anchore.com/solve-the-end-of-life-trap-herodevs-anchore.html
Developing an AI tool to support SOC 2/ISO compliance: cutting evidence-collection time, centralizing the management of controls, policies and tasks, and helping founders understand the key points before facing the auditor. Lessons: the difficulties of startups (pre-audit) and scale-ups (recurring audits) are different; the main problem is execution & documentation, and UI & reliability matter more than "fancy" AI. If you have been through SOC 2/ISO, which part hurt the most? Which tools were useful? Would you pay for software or for a full-service package? #Compliance #SOC2 #ISO #startup #scaleup #A

ComplianceHub – A Farcaster mini app that supports SOC 2/ISO/GDPR compliance. The creator is asking for feedback from users. #SaaS #MiniApp #Compliance #GDPR #SOC2 #ISO #Côngnghêsố #PhầnMềm #TuânthủDữliệu

https://www.reddit.com/r/SaaS/comments/1qn6xoo/built_as_a_farcaster_mini_app/

Built my own simple compliance tool for GDPR/SOC2/ISO 🎯
Key features: task tracking, policy drafting, overall progress & AI assistance for writing content. What's different: no login, no backend, free to try. 🛠️
The author is looking for feedback on UI/UX and on which features are useful or annoying for small businesses.
#GDPR #SOC2 #ISO27001 #Frontend #SaaS #TuânThủ #Startups #StartupVietNam #PhanHoiUX #CôngNghệMới

https://www.reddit.com/r/SaaS/comments/1qkkb4n/i_built_a_small_compliance_tool_for_myse