alt Hacker NewsThere is a lot of serious allegations in here. But some of these complaints apply to most SOC 2 compliance services. For example: it points out that Delve provides pre-filled documents and encourages you to accept them as is. In my experience that is typical. I have seen companies just rubber stamp pre-created documents that describe IT processes that do not accurately reflect actual policy because the MBA[1] running the project didn't want to pull in IT and had no idea what any of it meant.
[1] No offense to MBA, just using it as a placeholder for: business stakeholder with no IT background.
Replies
Giving you template device management policies is one thing, it's a whole other thing to say you don't have to have board meetings and generating fake minutes.
Doesn't seem like a problem with SOC 2 compliance, seems like a problem where a company appointed someone who is not suited to handle a SOC 2 project.
As for the pre-filled stuff, that's what other SOC 2 companies mean when they try to sell you "compliance in a box." Not that bad if the company is starting from scratch (<1 year), but not realistic for a company that has an existing IT footprint.
However, the allegations here is that it is fraud. An "AI" company acting as a front for certification mills.