Delve - Fake Compliance as a Service - Part I

How Delve managed to falsely convince hundreds of customers they were compliant and then lied about it when exposed and called out

DeepDelver
For those looking for help with SOC2 compliance, I had a good experience with another YC company, Vanta. That was some years ago, so I'm not sure if anything has changed since then, but I would recommend checking them out.

I like the Vanta people just fine and think it's a fine product, but I would not recommend it to startups looking to get SOC2.

https://fly.io/blog/soc2-the-screenshots-will-continue-until...

Most startups should be doing way, way less than automation platforms like these tell them they need to do to get a SOC2 attestation.

SOC2: The Screenshots Will Continue Until Security Improves

We got SOC2 certified so now you have to pay us more.

Fly
Not every sales team can convince a big paying customer that SOC2 isn't important. Lots of B2B SaaS companies have to play the enterprise lawyer game to get big contracts.

Fly is not saying "just ignore SOC2 compliance". Fly is saying "yes, get SOC2, we had to become SOC2 compliant, and also, you can work with your auditor to achieve SOC2 compliance in a more sane way than if you just do whatever is recommended upfront."

Basically, they are saying that you should tailor your SOC2 implementation so that it's actually useful without being a horrible, overbearing process; you have that option and should take it.