by mopoke 1442 days ago
> SOC2 is the best-known infosec certification, and the only one routinely demanded by customers

Maybe in the US. For the rest of the world, ISO27001 is arguably better known.

2 comments

SOC2 is also one of the weakest.

> Developed by the American Institute of CPAs

I don't know when CPAs became infosec experts.

> Each company designs its own controls to comply with its Trust Services Criteria.

Because it depends on self-assertion, SOC2 is generally a weak organizational certification.

They're not infosec experts, and don't claim to be.
SOC2 signals much higher maturity than ISO27001, also in Europe.