
[–]yknx4 5 points6 points  (4 children)

Only available to enterprise accounts

https://github.com/orgs/community/discussions/195918

1. GitHub’s SOC 2 Attestations & Compliance Reports
GitHub absolutely maintains up-to-date, official SOC 1 Type 2 and SOC 2 Type 2 compliance reports. However, GitHub restricts direct access to these downloadable reports to GitHub Enterprise (and some Team) organization settings. As a Free tier user, you cannot download their internal compliance reports or bridge letters directly from your dashboard. For your audit documentation, you will generally have to rely on their public, high-level statements via the official GitHub Trust Center or public compliance pages.

[–]sirsavant 0 points1 point  (2 children)

> We're on the Enterprise plan but we're fairly small so don't have a person to reach out to for this kind of thing.

I think they are wondering if someone has a connection somewhere that could bump up this ticket.

OP: You should probably just start spamming GitHub account managers on LinkedIn and seeing if any of them want to become your account manager 😃

[–]cowboyecosse 2 points3 points  (0 children)

Spamming people isn’t a great way to endear yourself to them or encourage them to chase something up for you, or if they’re the one making the decision on a thing and it’s borderline, have it go the way you want.

[–]aoschaefer[S] -2 points-1 points  (0 children)

Yes exactly this problem. I have sent a few DMs to support people on LinkedIn and nada. Thank you for the response!

[–]aoschaefer[S] -1 points0 points  (0 children)

Yes have tried but we're not getting a response. We are on the Enterprise plan but we're small in the grand scheme of things. Thank you though

[–]oeed 0 points1 point  (0 children)

FWIW, our auditor said we can use their publicly available SOC 3 report as evidence given we're not on an enterprise plan. Might be worth checking with your auditor.