← Back to context

Comment by iririririr

9 days ago

what an accountant audit help in this case? because that's literary all that's required for those.

I'm 100% certain they keep that for retraining. I've seen advertising pipelines promise the same thing and drown in data "because it's anonimized".

I'm certain same exact thing happens with Ai chatbots, even on top enterprise licenses.

2 comments

iririririr

Reply
nijave  8 days ago

SOC 2 and ISO27001 are definitely not accounting audits. Our auditors request policies, procedures, and evidence that we're following the policies and procedures. Oftentimes evidence is screenshots of the running environment (vomit) or audit logs. The auditor may or may not selectively request more information on demand (so you can't go in being sure you know what they're looking at)

If this is something you care about (compliance) your vendor due diligence process should include ensuring the company used a respected/trusted auditor.

  • iririririr  6 days ago

    right. because everyone cares about compliance. sorry for the snarky tone, but it really unavoidable here.

    it IS an accounting certification. That include a cursory look at (likely outdated, often creator for the audit and never read by anyone) documentation.