by amsully 2256 days ago
Hi! Any perspective of extending SOC2 Report access to the Teams level? Small companies in regulated environments aren't able to jump to enterprise ($$$) so need to look elsewhere to get a SOC2-compliant version control system at a decent price. Love the GitHub product so it was tough when we had to make the decision to move off of it.

I don't work at GitHub, but I believe if you reach out to GitHub Support and sign an NDA they can provide you the SOC-2 report. (Most vendors will do this.)
We reached out and were told we would need to upgrade to the enterprise version. (This was probably 5 months ago, before they announced a few startup-friendly offerings.)
I'm curious why you need the SOC2 report itself instead of some sort of signed statement of compliance. The details of the SOC2 don't seem like they should be important?
When you're going through SOC-2, your auditor will ask for the SOC-2 report of each critical vendor.
If you're at that level of auditing I'd expect your company has enough cash to fork over for GHE.