
Nelkins, yesterday at 8:08 PM

> Get even a single NO and you're done.

Why do you think that's true? SOC2 isn't pass/fail, you receive a report on your business. You can have gaping security holes and be SOC2 "certified." It's just that your SOC2 audit will reflect that.


Replies

tptacek, yesterday at 8:35 PM

It won't even be that. You're not going to have any gaps in your Type I if your auditor is at all competent; your Type I documents what you were doing, aspirationally, at the time of your audit.