233 points by gmays | 1 comment
ranger_danger No.44362456
> We got tired of endless security questionnaires, so we got SOC 2 certified to make things smoother for everyone.

Can someone explain what they meant by this? Questionnaires by who, and why?

tptacek No.44362472
SOC2 is viral. When you sell B2B services to a SOC2-attested company, they will have a policy somewhere that requires them to ensure that you take adequate security precautions (this is called "vendorsec"). If you're not SOC2, the standard vendorsec process is that your prospective customer gives you a giant Excel spreadsheet questionnaire to fill out. If you are SOC2, your last SOC2 report will usually suffice.
wglb No.44367223
I can tell many stories about the giant spreadsheets. The largest of them has nearly 1000 rows. And if you have a lot of security-conscious customers, you will get a lot of them. And they supposedly all cover the same topics, but they all divide the topics up differently. Thus, the hope of generalizing a pool of answers is defeated.

Getting a well-designed SOC2 will help some of this. If you are in an industry with a lot of regulation, your customers will ask or insist on getting ISO 27001. That is a substantial amount of work.

So if you have both, the spreadsheets won't totally go away, but it will reduce the load.