undefined | Better HN

0 pointsdgellow2h ago0 comments

Thanks for the clarification, in that case the text is indeed really weak. Does that system work in practice, or are companies just claiming they are HIPAA compliant with close to no actual auditing mechanism?

0 comments

tptacek2h ago

You get that the technical controls in SOC2 are also extremely weak, right?

dgellowOP2h ago

Sure, yes. The way I understand SOC2 relies on the auditors to set the effective standard. So it really depends who audited you

tptacek2h ago

SOC2 auditors are accountants. A SOC2 auditor verifies only that you're doing what you say what you're doing.

2 more replies

j / k navigate · click thread line to collapse

0 comments

tptacek2h ago

You get that the technical controls in SOC2 are also extremely weak, right?

dgellowOP2h ago

Sure, yes. The way I understand SOC2 relies on the auditors to set the effective standard. So it really depends who audited you

tptacek2h ago

SOC2 auditors are accountants. A SOC2 auditor verifies only that you're doing what you say what you're doing.

2 more replies

j / k navigate · click thread line to collapse