by OrvalWintermute 1442 days ago
SOC2 is also one of the weakest.

>Developed by the American Institute of CPAs

I don't know when CPAs became infosec experts.

>Each company designs its own controls to comply with its Trust Services Criteria.

Because it depends on self-assertion, SOC2 is generally a weak organizational certification.

1 comment

They're not infosec experts, and don't claim to be.