Comment by dmix
2 months ago
Not every sales team can convince a big paying customer that SOC2 isn't important. Lots of B2B SaaS companies have to play the enterprise lawyer game to get big contracts.
Fly is not saying "just ignore SOC2 compliance". Fly is saying "yes, get SOC2, we had to become SOC2 compliant, and also, you can work with your auditor to achieve SOC2 compliance in a more sane way than if you just do whatever is recommended upfront."
Basically, they are saying that you should tailor your SOC2 implementation so that it's actually useful without being a horrible overbearing process, that you have that option and should take it.
This feels like a weird response to a comment recommending how to approach getting a SOC2, that links to a blog post about Fly.io's SOC2.
The pitch isn't "don't get a SOC2", or "convince big paying customers that SOC2 isn't important". It's "don't worry about SOC2 until a big paying customer says they'll make big payments if you get it, and when you do worry about it, don't let SOC2 compliance trick you into doing bonkers infrastructure things".