233 points gmays | 2 comments
1. b0a04gl No.44362679
we had to go through this at my current place. getting SOC2 type 1 wasn't easy, it forced us to clean up years of infra mess. audit trails that never existed, access logs that were half broken, no changelog discipline. suddenly had to make all of it real.

and since we're also running an open core setup with paid SaaS, same pain. had to clearly draw lines - what parts stay public, what goes behind login, what actions need tracking. OSS gives you velocity but hides the surface area until compliance hits. things/processes no one cared about when we were shipping fast suddenly became blockers.

it just checks if you said you'd do something and whether there's proof you actually did. forces you to grow up, in a way that isn't very founder friendly

replies(1): >>44365438 #
2. jonathaneunice No.44365438
> forces you to grow up

Cosigned. I've lived exactly this in startups and SME.

Perhaps more surprising—but also somewhat reassuring—I've heard the exact same thing from Fortune 500 insiders themselves facing SOC 2, ISO 9xxx, ISO 27xxxx, lorem ipsum for the first time.

Everyone, everywhere apparently lets the bits hang out—until the day comes when someone requires formal processes, checkpoints, documentation, and audits. Then pants go on fast.