Hacker News
by lazyant 33 days ago
Instead of trying to get the actual SOC 2 attestation, do a version of the homework that would get you there; basically writing documentation. The output would be documents describing different procedures or existing infra (disaster recovery, network diagrams, etc.) and a master spreadsheet with the "soc 2" questions (that you pick) and answers, a "security questionnaire", and this is what you send to companies when they insist.

Note that in security-speak the keyword is "mitigation" (you don't have x but you mitigate that by y).