Learnings from SOC 2 certification

Stedman Blake Hood
4 replies
When we started pursuing SOC 2 certification, I was 🙄 about it. I thought of it as just another example of regulatory capture that destroys more value than it creates. Here's the story of my 180º on that. First, the history of SOC 2: It originated in the 1970s when accounting auditors needed a way to assess how companies handled financial controls. Over time, it expanded to include information security. As we went through the process, I realized that SOC 2 certification was far more than a stamp of approval. It went beyond our software architecture and data infrastructure. SOC 2 affected HR processes like off-boarding employees, managing permissions. Most importantly, I realized that without SOC 2, companies would have to independently evaluate the security of each prospective vendor before connecting their data to external systems. Can you imagine? It would be incredibly costly and error-prone. SOC 2 spares companies from this schlep – saving time, money, and reducing the risk of mistakes. It isn’t perfect. But I now appreciate its role in making our world safer, and reducing friction to companies working together 🤝

Replies

Stedman Blake Hood
More details here: https://www.dispatch.do/blog/soc-2 Happy to answer questions on the process 👋 Hope this helps others in the PH community considering the pros and cons of SOC 2 certification.
Chan Koh
Totally feeling the pain of this right now but definitely see the value of adding process where we have none.
Stedman Blake Hood
@kchanhee Yeah - honestly if your customers aren't demanding it, then I wouldn't worry. We just found that too many folks were chomping at the bit to use Dispatch, but were getting blocked by their IT teams.
Johannes Mattes
Is ISO 27001 certification also interesting for you?