
> SOC2 is the best-known infosec certification, and the only one routinely demanded by customers

Maybe in the US. For the rest of the world, ISO27001 is arguably better known.




SOC2 is also one of the weakest.

> Developed by the American Institute of CPAs

I don't know when CPAs became infosec experts.

> Each company designs its own controls to comply with its Trust Services Criteria.

Because it depends on self-assertion, SOC2 is generally a weak organizational certification.


They're not infosec experts, and don't claim to be.


SOC2 signals much higher maturity than ISO27001, also in Europe.



