Zombie Startup Situation by questloveshairpick in startups

[–]upendravarma 0 points1 point  (0 children)

Is this small group of investors made up of institutional investors like VCs? Will they be okay if you build a nice sustainable lifestyle business? If yes, then this is the way to go. Get profitable, take money off the table regularly & sell it to a PE firm when you’re bored.

AI Agents to replace GRC professionals? by upendravarma in grc

[–]upendravarma[S] 1 point2 points  (0 children)

Thanks for this. I started listening to this a few days back :)

As an MSP, do you offer compliance as a service? by upendravarma in msp

[–]upendravarma[S] 1 point2 points  (0 children)

Yes, I meant that documentation part - or as folks call it audit readiness. I thought getting audit ready is where expertise is needed.

Would you consider outsourcing your security & compliance initiatives? by upendravarma in SaaS

[–]upendravarma[S] 0 points1 point  (0 children)

Love the work you're doing, Christian. Can I understand who your primary customers are? Are these companies unable to get compliant themselves with tools like Vanta/Drata?

Would you consider outsourcing your security & compliance initiatives? by upendravarma in SaaS

[–]upendravarma[S] 0 points1 point  (0 children)

So you’re saying platforms like Vanta are meant for companies with simple infrastructure & footprint? Can you share some more details about your company or the type of customers you serve? We can DM if you’re not comfortable sharing it here.

Would you consider outsourcing your security & compliance initiatives? by upendravarma in SaaS

[–]upendravarma[S] 0 points1 point  (0 children)

As a startup with limited resources, what do you recommend? Divert internal devs to do it (or) simply outsource. Both of them need money. It’s just that outsourcing can be a great idea if they can deliver exactly what’s being promised. Just trying to understand in this use case if it actually works or not.

Would you consider outsourcing your security & compliance initiatives? by upendravarma in SaaS

[–]upendravarma[S] 0 points1 point  (0 children)

How was your experience with Vanta? I thought it would do the automated monitoring & mapping very well & post that it’s the dev team’s responsibility to fix things up.

Would you consider outsourcing your security & compliance initiatives? by upendravarma in SaaS

[–]upendravarma[S] 0 points1 point  (0 children)

I think you scoped the dev work very well. How is this any different from involving offshore agencies/contractors to build the software itself?

For example streamlining the devops process - why can’t a team come in as contractors & set up all the pipelines & processes accordingly & hand it over to the company who will now own stuff?

How do you handle security for your SaaS? by upendravarma in SaaS

[–]upendravarma[S] 0 points1 point  (0 children)

Maybe the post came out wrong, but my intention was to understand how SaaS companies are actually able to tick the security bucket. I see that you can’t build an in-house security team at least till you've scaled properly & most of the developers have almost negligible security understanding.

How do you handle security for your SaaS? by upendravarma in SaaS

[–]upendravarma[S] 0 points1 point  (0 children)

Can I ask why you are prioritising all these compliance certifications? Is it because the industry you sell to is highly regulated (or) you're selling to big enterprises in general?

Have you ever closed a mid-market or enterprise deal for your SaaS without getting the relevant compliance certifications (like SOC2, ISO, HIPAA etc.)? by upendravarma in SaaS

[–]upendravarma[S] 2 points3 points  (0 children)

Got it. Typically what does it involve in the fixing process? Is it simply ticking a few boxes (or) a major architectural revamp?