Updated specific locations to be searchable, take a look at Las Vegas as an example.

This post has been de-listed

It is no longer included in search results and normal feeds (front page, hot posts, subreddit posts, etc). It remains visible only via the author's post history.

0
Is SOC 2 Report Sufficient for Vendor Risk Management?
Post Flair (click to view more posts with a particular flair)
Concepts
Post Body

Hello Dear Friends

Hope you all are in good health and high spirits

Our organization is in the process of buying a software application from a vendor who will also handle deployment and ongoing support. As part of our vendor risk management, we sent a detailed questionnaire to the vendor to assess their security and compliance measures. However, the vendor declined to answer our questions directly and instead provided a SOC 2 report audited by a well-known firm. They also mentioned that they do not have an ISO 27001 certification.

Is relying solely on the SOC 2 report sufficient for due diligence in this scenario?

What steps should we take if we need more detailed information or evidence of their security practices?

Appreciate any advice.

Author
Account Strength
90%
Account Age
4 years
Verified Email
Yes
Verified Flair
No
Total Karma
1,879
Link Karma
1,311
Comment Karma
123
Profile updated: 3 days ago
techno_it

Subreddit

r/AskNetsec

Post Details

We try to extract some basic information from the post title. This is not always successful or accurate, please use your best judgement and compare these values to the post title and body for confirmation.
Posted
5 months ago
Reddit URL
View post on reddit.com
External URL
reddit.com/r/AskNetsec/c...