
egorfine, today at 6:15 PM

Compliance is something that no one ever wants and everybody hates. Not a single founder wakes up in the morning thinking to themselves: "oh I wish I could make my company XYZ-123 compliant!"

Thus providing compliance is really just paying someone to shift responsibility.

The regulator can ask whether you are compliant. You can present a certificate from Delve or someone else and that's the end of it.


Replies

bedatadriven, today at 6:47 PM

I don't want to work wherever you do your thing. Software as a service means you provide a service, and you should take your responsibility to protect your customer's data super seriously. Compliance frameworks are one useful tool among many to support this effort. It helps us identify gaps, identify risks, make improvements. It also gives us a way to communicate what we do to our partners. The behavior described in the medium post is fraud, pure and simple.

I am a founder, and my ambition includes meeting the highest possible standards for my customers.

Muromec, today at 6:30 PM

Not a single person wakes up in the morning thinking they wish to pay taxes and rent and do the laundry and the other stuff that has to be done. It would be nice to smoke weed and play video games all day and order the deliveries.

Some things just have to be done.

solatic, today at 7:16 PM

> Not a single founder wakes up in the morning thinking to themselves: "oh I wish I could make my company XYZ-123 compliant!"

Somehow I doubt that you are in the B2B/Enterprise space. When you're pitching demos and you hear from people "we really wish we could buy your product but we can't because Finance won't approve the expenditure unless you get XYZ-123", and you hear that over and over again because that is the real-world industry that you live in, then you better believe that there are founders who wake up in the morning wishing that.

You clearly have no understanding of what compliance does. Compliance does not "shift responsibility". Compliance is you demonstrating to your customers that you give enough of a shit that you're willing to pay the table stakes to sit at the table. You can complain that the game has table stakes, but all worthwhile games have them.

Duhck, today at 6:24 PM

When I worked in cybersecurity I had a similar realization. No one cared about security posture. They cared about insurance policies. People hired us to shift blame instead of improve security posture. This is not terribly different.

tfrancisl, today at 6:33 PM

Maybe no one wakes up wanting to deal with compliance, but if you found a company that has legal or moral obligations to be compliant with these standards, you sure have signed yourself up for it. Passing the responsibility off to some other company is, quite simply, irresponsible.
