Comment by panflute
3 hours ago
I've seen a small company do a SOC2 where the "CEO" seems to be the only actual employee.
It's a lot of paperwork, but it is supposed to scale for company size, so you could dispense with a lot of the separation if the CEO accepts risks and perhaps relies on a fair amount of external systems that are already certified and has some contractors for specific tasks etc.