|
|
|
|
|
|
by tptacek
1647 days ago
|
|
|
My understanding is that it's not completely trivial to make these kinds of policy changes once you get past your Type 1. This would be a nitpick except that it implies something important about how you should handle SOC2: don't be ambitious or expansive in your Type 1 audit, and leave yourself room to see what's going to work long term. This is something I've seen a lot of people mess up. |
|
|