Comment by dgellow
3 hours ago
Thanks for the clarification, in that case the text is indeed really weak. Does that system work in practice, or are companies just claiming they are HIPAA compliant with close to no actual auditing mechanism?
You get that the technical controls in SOC2 are also extremely weak, right?
Sure, yes. The way I understand it, SOC2 relies on the auditors to set the effective standard. So it really depends on who audited you.
SOC2 auditors are accountants. A SOC2 auditor verifies only that you're doing what you say you're doing.