Delve - Fake Compliance as a Service - Part I

How Delve managed to falsely convince hundreds of customers they were compliant and then lied about it when exposed and called out

DeepDelver
Response to Misleading Claims | Delve

Setting the record straight on recent misleading claims about our compliance platform.

They’ve possibly dug an even deeper hole now.

None of their ISO 27001 certificates, aside from the premium one-offs with the vCISO, are accredited by any reputable ISO accreditation body. I would even argue that IAS, who accredited Prescient Security (mentioned as a reputable body in the article), has a questionable reputation and certainly gives off a pay-to-play impression.

You can look up the names of their partners below. The one body I found that is on the register (Accorp) is accredited by UAF, a known cert-mill accreditation body, and I’m not even sure it’s the same Accorp that Delve has partnered with.

For reference, you want an ISO certificate issued by a body accredited by UKAS (UK gov. adjacent non-profit), ANAB (ANSI), or equivalent, all government-recognised. This is normally the first thing I check whenever someone claims ISO 27001 certification and it is a great heuristic to validate certification rigour.

https://www.iafcertsearch.org/search/certification-bodies

Shockingly low levels of DD by everyone involved here.

IAF Certification Validation - IAF CertSearch

IAF CertSearch is the exclusive global database for accredited management system certifications allowing users to validate an organization's certification(s).