Hacker News

giantg2 yesterday at 8:18 PM

The whole point of stuff like SOC2 and audit is to verify that policy is actually implemented. Seems like nobody actually checked.


Replies

kube-system yesterday at 8:29 PM

SOC2 requires an audit. But one of the weaknesses of SOC2 is that the audit mostly checks to determine that you are following whatever your policy is. It doesn't verify that your policy is rigorous.