I'm curious why you need the SOC2 report itself instead of some sort of signed s... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		staticassertion on April 14, 2020 \| parent \| context \| favorite \| on: GitHub is now free for teams I'm curious why you need the SOC2 report itself instead of some sort of signed statement of compliance. The details of the SOC2 don't seem like they should be important?

grinich on April 14, 2020 [–]

When you're going through SOC-2, your auditor will ask for the SOC-2 report of each critical vendor.

tomschlick on April 14, 2020 | [–]

If you're at that level of auditing I'd expect your company has enough cash to fork over for GHE.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact