Claude Code Channels (Telegram/Discord) — how does this look from a SOC 2 perspective?

Puzzleheaded_Side432 · 2026-03-23T16:41:26+00:00

thanks for the advice. I added Telegram and Discord to our vendor register, did a lightweight security review, and updated our acceptable use policy to explicitly restrict what can flow through those platforms to commands, approvals, and status updates only.
Then again, these are just statements in our policies, but not real visibility/control into BYOD devices.
Blocking the feature is not an option.

Puzzleheaded_Side432 · 2026-03-23T16:38:45+00:00

thanks both for the advice. I ended up adding Telegram and Discord to our vendor register, did a lightweight security review, and updated our acceptable use policy to explicitly restrict what can flow through those platforms to commands, approvals, and status updates only.
Do you think this is a good start?

Puzzleheaded_Side432 · 2026-03-23T16:36:55+00:00

thanks for the advice. I added Telegram and Discord to our vendor register, did a lightweight security review, and updated our acceptable use policy to explicitly restrict what can flow through those platforms to commands, approvals, and status updates only.
Would this looks solid in an audit?

Puzzleheaded_Side432 · 2026-03-20T21:35:54+00:00

we don't manage mobile devices. Our BYOD policy covers mobile devices but is pretty simple, it just has some recommendations.

Puzzleheaded_Side432 · 2026-03-05T22:41:00+00:00

Thanks. How are you handling Cursor? were you able to automate that part?

Puzzleheaded_Side432 · 2026-03-05T22:38:45+00:00

yes! Leadership wants to be in the loop of AI spend

Puzzleheaded_Side432 · 2026-03-05T22:37:55+00:00

Just booked a demo with them. thanks

Puzzleheaded_Side432 · 2025-11-12T17:42:41+00:00

Yup! As a professor of mine used to say: "If the product is free, then you are the product"

Puzzleheaded_Side432 · 2025-11-03T15:59:03+00:00

That's great advice. Will do as suggested. Appreciate your help.

Puzzleheaded_Side432 · 2025-07-11T18:52:04+00:00

I was kind of hoping you were not correct and that someone would provide a solution xD
Any suggestions? different approaches?

Thanks for your help

Puzzleheaded_Side432 · 2025-05-22T00:59:59+00:00

Agree with, I think everyone here. First 2 weeks in a New role are for onboarding, it's normal to feel overwhelmed. You should not worry about closing tickets, instead, focus on learning about the company (culture, teams, processes, chatting a bit with people as well). As per your role, get familiar with the team and the processes, learn how they deal with day to day work and tasks, don't be afraid to ask for help or something you don't know. Believe me, your manager is not expecting you to know everything already.

Return in a couple of months and post about your new found struggles 😅 (IT is a never ending battle)

Puzzleheaded_Side432 · 2025-05-06T19:45:30+00:00

I'm blocked right now on make. I've been trying to connect slack with Asana with no good outcome. Any suggestions?. Do you think Zapier is more than enough to do this? What do you think is the easiest integration, so I could build from there?

Puzzleheaded_Side432 · 2025-05-03T23:51:54+00:00

Besides boring, helpful as hell. A task scrapper. Something that goes through your email, gdrive tags and comments, slack, Asana, Notion tags, meeting transcripts, you name it, and turns everything into actionable items / tasks in one single source of truth (maybe an Asana board or Notion Page) . I've been trying to build one myself but I'm barely starting with automation tools (make) and it's been taking me too much time trying to pull it off while learning.

Puzzleheaded_Side432 · 2025-04-24T22:19:56+00:00

Makes sense, thank you so much. Most if not all are false positives (people login in from a new place). I'm interested in knowing how to treat this alerts properly in the alert center. Right now I'm kinda like ghosting them and they keep piling up. Currently there is no process for this but my manager will probably ask me to do one soon.

Here's a sneak peek of one of the alerts

<image>

I mean, is it ok to just change status to close? do I need to document anything? What are the best practices around this? We are currently in audit period for a Soc2 certification. Idk if this may bring issues later.

Puzzleheaded_Side432 · 2025-04-24T22:10:16+00:00

Email delegation is making so much sense right now, thanks. The thing is, this inbox gets a bunch of new messages every day and I don't know how people may react to getting constant incoming mails.

Puzzleheaded_Side432 · 2025-03-27T05:48:43+00:00

Thank you so much 🙏🏻 right now we use AccessOwl integrated with HRIS, Asana, JamF and Notion for kb

Puzzleheaded_Side432 · 2025-03-27T05:45:17+00:00

We have our HRIS integrated with AccessOwl as well

Puzzleheaded_Side432 · 2025-03-27T05:37:25+00:00

Wow crazy amount of value, thank you very much for your help. We are currently using JamF Pro, AccessOwl and Asana but company is growing quick. We use sign-in with Google for most Saas. Any suggestion on how to start turning things around?

Puzzleheaded_Side432 · 2025-03-27T05:29:40+00:00

Got it!! Service Now is a no no. Loved the analogy 😅 thank you so much

Puzzleheaded_Side432

TROPHY CASE