
233 points gmays | 1 comments
quicklime No.44362564
From the article:

> SOC 2 is a security and compliance framework created by the AICPA

How is it that a group of accountants (the American Institute of Certified Public Accountants) was able to create a security framework for software, and position themselves as the sole gatekeeper who decides which auditors are allowed to certify SaaS vendors?

I’m surprised that companies would look to accountants, rather than people from the tech industry, to tell them whether a vendor has good IT security practices.

Yet the whole tech industry seems to be on board with this, even Google, Microsoft, etc. How did this come to be?

1. citizenpaul No.44362924
Because CS refuses to formalize/unionize/license itself to its own detriment. There is no standard software developer. Accountants have some minimum bar to maintain their license. Who would you choose?