[orestis]

We have many clients asking for certification. We just say that we don’t have one, but our major vendors (eg aws) have a shit ton of them, and it seems to work fine.

Usually it’s not the certification that will make or break a deal, at least in our case.

[twistedpair]

From the buy side prospective, as someone that sits on a vendor review board, if there are two vendor options for a service, and one has SOC2 and the other doesn't, we'll lean heavily toward the SOC2 vendor. If you're the vendor, this can help your ASP.

I've personally gone through certifying a company as SOC2 and it makes you realize how much you want your vendors to have SOC2 controls.