by xtracto
1920 days ago
I'm head of engineering at a ~70 people B2B startup and man I HATE these things with a passion. I get one almost every other week and yes, they are indeed 200+ questions. Even after you are PCI, SOC2, ISO27001, etc. compliant some companies REQUIRE you to fill these things. It is a HUGE pain and time-consuming chore.

A lot of auditors make it seem like once you have your SOC2 or ISO27001 certification that you'll be free from these forever, but our finding is that it might get you out of 20% of these at best, and for the rest it's basically table stakes.