[geocar]

No. At the end of the day, the customer pays, because I charge more for bullshit. They need an SOC to use my cloud product it cost me 150k USD to get an audit from a big-four for a single site in 2016. Maybe it’s a little more today, but it’s not an order-of-magnitude.

I’m assuming you already adhere to the relevant standards. Obviously if you’re cutting corners getting up to snuff is going to cost a lot more than a hundy.

[JustLurking2022]

A Big 4 can't conduct a proper SOC audit without access to the cloud providers internal controls/processes. That's the problematic/expensive part since it requires a bunch of time from the cloud provider, which they will also likely want to bill for.