Y
Hacker News
new
|
ask
|
show
|
jobs
by
giantg2
36 days ago
The whole point of stuff like SOC2 and audit to verify that policy is actually implemented. Seems like nobody actually checked.
1 comments
kube-system
36 days ago
SOC2 requires an audit. But one of the weaknesses of SOC2 is that the audit mostly checks to determine that you are following whatever your policy is. It doesn't verify that your policy is rigorous.
link