Hacker News
by mkl95, 91 days ago
I've worked with SOC2-certified companies where employees would email each other plaintext credentials, publish them in Notion pages, etc. You cannot cure stupidity by "complying".
tptacek, 91 days ago
There's no particular reason anyone's SOC2 DRL would cover "make sure people don't email credentials". It's not a technical certification.