[egorfine]

> With ISO27001 or SOC 2, I have more information about the other party's ability to

... spend time and money to emulate the asinine requirements of outdated standards instead of actually making the product better and more secure.

> I'm trusting a third party auditor to vouch for them.

Like Delve?

[bedatadriven]

The standards are very sensible. If you can't be bothered to provide even simple evidence that your employees are using basic harddrive encryption, use password managers, and your product has backup in place, I don't want to do business with you.

And Delve isn't an auditor. Though they were apparently in cohoots with equally criminal third party auditors. So I guess I'm going to be looking more closely at just exactly who exactly are auditing our vendors in the future...