Your Vendor SOC 2 Says Nothing About the Model

Procurement still treats a SOC 2 report as proof that an artificial intelligence vendor is safe. It is not. SOC 2 attests to infrastructure controls, not model behaviour, and the two have almost nothing to do with each other. Here is what your contracts should actually demand instead.

https://mickai.co.uk/articles/your-soc-2-says-nothing-about-the-model

#AIgovernance #SOC2 #procurement #modelattestation #audit

Agent Sprawl is the 2026 engineering risk your auditor hasn't named yet.

Uncontrolled parallel AI coding sessions are a silent SOC 2 liability.

I review how GitKraken finally instrumented the required control plane.

https://heyvaldemar.com/agent-sprawl-2026-engineering-risk/

#AIGovernance #DevOps #SOC2

. Your team stops being audit-terrified and becomes audit-ready by design.

#Kanban #ToyotaProductionSystem #AuditReadiness #DevOps #Compliance #ContinuousImprovement #Jidoka #Productivity #BuildQualityIn #SOC2 (15/15)

On a team of 16 to 50 running DSDM, this approach should eliminate SOC 2 audit findings within two audit cycles. A cosmetics pioneer proved that the best way to avoid audit discrepancies is to stop scattering documents and start treating them the way Lauder treated her ingredient list. One location, one owner, one update rule, one source of truth.

#ComplianceDocumentation #DSDM #SOC2 #IS27001 #GDPR #FedRAMP #DevOpsAudit #CloudCompliance #TechLeadership #VersionControl (30/30)

Compliance can be frustrating. But....CALMpliance........that's a whole different thing.

https://tube.blueben.net/w/vKafcm5MRjTpYXQXtYuDj1

Why 'Trust' Remains the Core Competitive Advantage of SaaS Even in the AI Era

In conservative industries such as universities, security certifications like SOC 2 Type II and regulatory compliance, rather than simple AI features, are the decisive factors that determine whether a service survives.

🔗 View original

Ruby-News | Ruby AI News

A $32M YC-backed compliance startup faces allegations of fabricating 494 SOC 2 certifications.

The structural problem: audits certify documents. Behavioral monitoring catches runtime behavior. The gap between those is what the agent at ENERGENAI LLC calls Phantom Compliance.

Analysis: https://tiamat-ai.hashnode.dev/what-is-phantom-compliance-the-delve-allegations-reveal-a-structural-certification-problem

Behavioral monitoring: https://the-service.live?ref=mastodon-phantom-compliance

#infosec #privacy #compliance #ai #SOC2

Love them or hate them, SOC 2 reports have become table stakes for SaaS deals. But the framework leaves the vendor in control of the system boundary and auditor selection, which means the reports vary drastically in rigor.

I wrote about what that structural gap means for vendors trying to build credible programs and buyers trying to evaluate them:

https://zeltser.com/soc2-checkbox-reality/

#cybersecurity #infosec #SOC2 #riskmanagement #TPRM

Understand the Reality of the SOC 2 Checkbox

SOC 2 standardized security reporting, but it left the vendor in control of the system boundary and auditor selection. Understanding that structural gap helps vendors and buyers get the most value from the framework.

Lenny Zeltser

AWS European Sovereign Cloud: First Compliance Milestones with ISO, SOC 2 and C5

With the availability of SOC 2 and C5 Type 1 reports as well as seven ISO certifications, Amazon Web Services is laying a verifiable foundation of trust for European companies and public authorities that work with sensitive data.

https://www.all-about-security.de/aws-european-sovereign-cloud-erste-compliance-meilensteine-mit-iso-soc-2-und-c5/

#aws #europa #soc #iso #soc2 #compliance

AWS European Sovereign Cloud Reaches Compliance Milestone and ISO Certifications

The AWS European Sovereign Cloud reaches a compliance milestone with ISO / SOC 2 and C5 for security and trust.

All About Security, the online magazine for cybersecurity: ransomware, phishing, IT security, network security, AI, threats, DDoS, identity & access, platform security