Hacker News
rendaw | 9 months ago | on: The Startup CTO's Handbook
GP's point is that having SSO and protected git branches _is_ starting the SOC2 process.
tptacek | 9 months ago
I'm pretty sure that's not what the author meant. Again: those are things you should do regardless of whether you're _ever_ going to get SOC2 (and a lot of startups shouldn't).
koolba | 9 months ago
That and having a ticket system (e.g., Jira) to track why you touched prod and you can answer just about every question.
tptacek | 9 months ago
We don't have that, and didn't need it for SOC2.
(We have other ways of tracking prod changes, but our auditors don't know anything about them.)