Comment by troupo
2 months ago
Translation: all your rules and regulations are crap, and we don't want to comply with any of them.
When in reality most rules and regulations are not crap, and you should care about them.
Especially when your startup advertises compliance with HIPAA (medical records), PCI-DSS (payments data) and a bunch of other data protection standards and regulations.
Data protection is a tiny component of what certifications like ISO and SOC2 involve. The data protection stuff is welcome and often pre-existing; the other stuff is what annoys people.
Most rules and regulations are not crap.
But the whole compliance industry is crap.
One way, they inflate expectations to extract money; the other way, they cut corners to rubber-stamp BS to make it as cheap as possible for themselves.