by arjavmehta 37 days ago
Yes, it's very possible.

What's most important for you would just be being able to prove to your customers that you do what you say you do.

The core issue isn't SOC 2, it's verifiability. Your customers want to know that what you claim about your security posture is actually true, not just documented.

I've actually been deeply exploring the compliance space lately and a few days ago I built an open-core pre-audit readiness layer. Every finding traces back to the raw AWS API call that produced it, SHA-256 hashed. An auditor or skeptical customer can verify it themselves without taking your word for it.

It's more SOC 2-esque, & it's pre-audit readiness, not a certification, but it does the job of proving you are trustworthy.

repo if relevant: https://github.com/adog0822/AWS-Evidence-Layer

(I built this, disclosing upfront)
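The comment describes findings that trace back to the raw API call that produced them, with a SHA-256 hash an auditor can recompute. The block below is an added example of that pattern, written here for illustration; it is not code from the commenter or from the linked repository. The call name, the bucket name and the response body are constructed (the response is modelled on the shape S3 returns for GetBucketEncryption), and the control evaluated is a single hypothetical "default encryption" check.

```python
import copy
import hashlib
import json
from dataclasses import dataclass
from typing import Any


def canonical_bytes(obj: Any) -> bytes:
    """Serialise deterministically so the same response always hashes identically."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")


def compute_digest(call: str, params: dict, response: dict) -> str:
    """SHA-256 over the call name, its parameters and the raw response together."""
    payload = {"call": call, "params": params, "response": response}
    return hashlib.sha256(canonical_bytes(payload)).hexdigest()


@dataclass
class Evidence:
    """One raw API call: what was asked, what came back, and its digest."""
    call: str
    params: dict
    response: dict
    digest: str


def record_evidence(call: str, params: dict, response: dict) -> Evidence:
    return Evidence(call, params, response, compute_digest(call, params, response))


@dataclass
class Finding:
    control: str
    status: str            # "pass" or "fail"
    evidence_digest: str   # links the conclusion back to the raw evidence


def evaluate_default_encryption(ev: Evidence) -> Finding:
    """Hypothetical control: the bucket has a default server-side encryption rule."""
    rules = ev.response.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    encrypted = any(
        r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm") in ("AES256", "aws:kms")
        for r in rules
    )
    return Finding("s3-bucket-default-encryption", "pass" if encrypted else "fail", ev.digest)


def verify_finding(finding: Finding, store: dict[str, Evidence]) -> bool:
    """What an auditor does: fetch the evidence by digest, rehash it, re-derive the verdict."""
    ev = store.get(finding.evidence_digest)
    if ev is None:
        return False                      # evidence missing: the claim is unsupported
    recomputed = compute_digest(ev.call, ev.params, ev.response)
    if recomputed != ev.digest or recomputed != finding.evidence_digest:
        return False                      # evidence was altered after the finding was made
    return evaluate_default_encryption(ev).status == finding.status


# Constructed sample, modelled on the shape of an S3 GetBucketEncryption response.
SAMPLE_RESPONSE = {
    "ServerSideEncryptionConfiguration": {
        "Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]
    }
}


def demo() -> dict:
    """Record evidence, derive a finding, verify it, then show that tampering is caught."""
    ev = record_evidence("s3:GetBucketEncryption", {"Bucket": "example-bucket"},
                         copy.deepcopy(SAMPLE_RESPONSE))
    finding = evaluate_default_encryption(ev)
    store = {ev.digest: ev}
    intact = verify_finding(finding, store)
    # Simulate someone editing the stored evidence after the fact.
    store[ev.digest].response["ServerSideEncryptionConfiguration"]["Rules"] = []
    tampered = verify_finding(finding, store)
    return {"status": finding.status, "intact": intact, "tampered": tampered}


if __name__ == "__main__":
    print(demo())
```

The verifier never has to trust the finding: it looks up the evidence by the digest the finding cites, rehashes the stored call and response, and re-runs the same check. Canonical JSON matters here, because a digest over a pretty-printed or differently ordered copy of the same response would not match and would look like tampering.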