• Subscribe
  • Learnings from SOC 2 certification

    Stedman Blake Hood
    4 replies
    When we started pursuing SOC 2 certification, I was ๐Ÿ™„ about it. I thought of it as just another example of regulatory capture that destroys more value than it creates. Here's the story of my 180ยบ on that. First, the history of SOC 2: It originated in the 1970s when accounting auditors needed a way to assess how companies handled financial controls. Over time, it expanded to include information security. As we went through the process, I realized that SOC 2 certification was far more than a stamp of approval. It went beyond our software architecture and data infrastructure. SOC 2 affected HR processes like off-boarding employees, managing permissions. Most importantly, I realized that without SOC 2, companies would have to independently evaluate the security of each prospective vendor before connecting their data to external systems. Can you imagine? It would be incredibly costly and error-prone. SOC 2 spares companies from this schlep โ€“ saving time, money, and reducing the risk of mistakes. It isnโ€™t perfect. But I now appreciate its role in making our world safer, and reducing friction to companies working together ๐Ÿค

    Replies

    Stedman Blake Hood
    More details here: https://www.dispatch.do/blog/soc-2 Happy to answer questions on the process ๐Ÿ‘‹ Hope this helps others in the PH community considering the pros and cons of SOC 2 certification.
    Chan Koh
    Totally feeling the pain of this right now but definitely see the value of adding process where we have none.
    Stedman Blake Hood
    @kchanhee Yeah - honestly if your customers aren't demanding it, then I wouldn't worry. We just found that too many folks were chomping at the bit to use Dispatch, but were getting blocked by their IT teams.
    Johannes Mattes
    Is ISO 27001 certification also interesting for you?