Comment by iririririr
9 days ago
This is new to me, so I did a quick search for a few examples of such documents.
The very first result was a 404
https://aws.amazon.com/compliance/reports/
The jokes write themselves.
9 days ago
This is new to me, so I did a quick search for a few examples of such documents.
The very first result was a 404
https://aws.amazon.com/compliance/reports/
The jokes write themselves.
But how is this related to the internet being archivable? This sort of proves the point that URLs were always a terrible idea to reference in your compliance docs, the answer was always to get the actual docs.
IME compliance tools will take a doc and or a link. What's acceptable is up to the auditor. IMO both a link and doc are best.
Links alone can be tempting as you've to reference the same docs or policies over and over for various controls.
Wayback machine URLs are much more likely to be stable.
Even if the content is taken down, changed or moved, a copy is likely to still be available in the Wayback Machine.
I would never rely on this vs just downloading the SOC2 reports, which almost always aren't public anyways and need to be requested explicitly. I suspect that that compliance page would have just linked to a bunch of PDF downloads or possibly even a "request a zip file from us after you sign an NDA" anyways.
1 reply →