When will this SOC madness end?
replies(1):
In all seriousness, as annoying as it is, I’ve been through it so many times now (not as the guy managing the process! That is some serious work I thankfully have not yet had to lead). At this point, a lot of it does feel like a pretty good guideline for enforcing some best practices, if you set up your initial controls right. Basic access management, SSO, branch protection, and traceability are actually really useful, and getting them right early on has saved some serious headaches. That being said, it does seem a little over the top sometimes. Especially some of the standard compliance vendor defaults. But it’s really not that hard with a good CISO (but again, whenever I see the documentation required, I’m so thankful it’s not me).