|
|
|
|
|
|
by daft_pink
3 days ago
|
|
|
I was under the impression that a SOC 2 Type 2 audit requires the auditor to verify access, so if you are purchasing a paid/business version from a top 3 vendor (Anthropic, Google, OpenAI) it is SOC 2 Type 2 and any SOC 2 Type 2 service has to maintain access logs and have an independent auditor validate that data isn't being accessed or used against the rules? Essentially, this is why AWS is reporting this to begin with. |
|
|