233 points gmays | 1 comments
tptacek No.44362436
This is all good, just a note for anybody reading this to the end: there's basically no way not to pass your Type 1, at least not if you're using a serious auditor. The point of a Type 1 is to document a point-in-time baseline. The Type 2 is the first "real" audit, and basically just checks whether you reliably did all the things you attested to in your Type 1.

All that is to say: you want to minimize the amount of security work you do for your Type 1, down to a small set of best practices you know you're going to comply with forever (single sign-on and protected branches are basically 90% of it). You can always add controls later. Removing them is a giant pain in the ass.

This is always my concern for people going into SOC2 cold: vendors in the space will use the Type 1 as an opportunity for you to upskill your team and get all sorts of stuff deployed. A terrible and easily avoided mistake.

I write this only because the piece ends with Excalidraw psyched to have cleared their Type 1. I hope their auditors told them they were always going to clear that bar.

replies(4): >>44362485 #>>44362521 #>>44362792 #>>44362850 #
swyx No.44362850
Thomas is being a good HN citizen so he's not plugging his own blogpost, but for anyone else embarking on their SOC2 journey i'll plug his guide for him: https://fly.io/blog/soc2-the-screenshots-will-continue-until...
replies(2): >>44362956 #>>44363785 #
ramimac No.44363785
In case it's helpful, I also collate quality blog posts in this genre over at https://rami.wiki/soc2/
replies(1): >>44364264 #
dan-robertson No.44364264
I get a 404 currently, fwiw.
replies(1): >>44364349 #
ramimac No.44364349
Fixed! Pages drops the custom domain whenever I push right now, have been putting off debugging it - apologies
replies(1): >>44365053 #
justusthane No.44365053
If I understand the issue correctly, you just need a file called CNAME in the root of your repo containing your custom domain, like this: https://github.com/justusthane/justusthane.github.io/blob/ma...
replies(1): >>44375173 #
ramimac No.44375173
Thanks! Unfortunately, I've somehow fallen off the paved road :) https://github.com/ramimac/wiki/blob/main/CNAME
replies(1): >>44377331 #
justusthane No.44377331
GH Pages is particular about how your apex and www records are set up. I believe you need apex A records pointing to

185.199.108.153
185.199.109.153
185.199.110.153
185.199.111.153

which you already have. Your CNAME record at www.rami.wiki needs to point to "ramimac.github.io/wiki", and your CNAME file in the root of your repo needs to contain "www.rami.wiki" (www is necessary).

At this point, https://rami.wiki should automatically redirect to https://www.rami.wiki.

At least, that's more or less how mine is set up and it works for me :) I had the same issue as you until I got that all straightened out.
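The setup justusthane describes (apex A records, a www CNAME, and a CNAME file in the repo) is easy to get subtly wrong, and the failure mode ramimac hit (Pages dropping the custom domain after a push) leaves DNS pointing at github.io with nothing claiming the name. The checker below is an added example, not code from the thread or from GitHub; it encodes those rules as a pure function over DNS answers you have already fetched (for instance with `dig +short`), so it runs offline on the constructed sample configs. It assumes the account name ramimac and the domain rami.wiki from the thread, compares the www CNAME against the bare host ramimac.github.io (a DNS CNAME target is a hostname, so the repository path cannot appear in it), and flags the dropped-domain state as a dangling record, since GitHub lets another account claim an unverified custom domain that DNS already points at Pages.

```python
"""Offline sanity check for a GitHub Pages custom-domain setup (added example)."""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

# The four apex A addresses quoted in the thread.
GITHUB_PAGES_A: FrozenSet[str] = frozenset({
    "185.199.108.153", "185.199.109.153",
    "185.199.110.153", "185.199.111.153",
})


@dataclass(frozen=True)
class PagesConfig:
    apex: str                   # e.g. "rami.wiki"
    github_user: str            # account that owns the Pages repo
    apex_a: FrozenSet[str]      # A records answered for the apex
    www_cname: Optional[str]    # CNAME target answered for www.<apex>, or None
    cname_file: Optional[str]   # contents of the repo's CNAME file, or None


def _host(name: str) -> str:
    """Normalise a DNS answer: strip the trailing dot, lower-case."""
    return name.strip().rstrip(".").lower()


def check_pages_config(cfg: PagesConfig) -> List[str]:
    """Return findings; an empty list means the config matches the thread's rules."""
    findings: List[str] = []
    www = f"www.{cfg.apex}"
    expected_cname = f"{cfg.github_user}.github.io"

    # Rule 1: apex A records must be exactly the GitHub Pages set.
    if cfg.apex_a != GITHUB_PAGES_A:
        missing = sorted(GITHUB_PAGES_A - cfg.apex_a)
        extra = sorted(cfg.apex_a - GITHUB_PAGES_A)
        findings.append(f"apex A records differ: missing={missing} extra={extra}")

    # Rule 2: www must be a CNAME to <user>.github.io (a hostname, no path).
    if cfg.www_cname is None:
        findings.append(f"{www} has no CNAME record; expected {expected_cname}")
    elif _host(cfg.www_cname) != expected_cname:
        findings.append(f"{www} CNAME is {cfg.www_cname!r}; expected {expected_cname}")

    # Rule 3: the repo's CNAME file must contain exactly the www name.
    claimed = cfg.cname_file is not None and _host(cfg.cname_file) == www
    if not claimed:
        findings.append(f"repo CNAME file should contain exactly {www!r}; got {cfg.cname_file!r}")
        # Security caveat: DNS already sends www to Pages, but no site claims
        # it. Until the domain is verified in the GitHub account settings,
        # another account can add this name to its own Pages site.
        if cfg.www_cname is not None and _host(cfg.www_cname).endswith(".github.io"):
            findings.append(
                f"{www} points at GitHub Pages but is unclaimed: dangling record, "
                "verify the domain on GitHub before relying on it"
            )
    return findings


# Constructed sample 1: the working layout described in the thread.
WORKING = PagesConfig(
    apex="rami.wiki",
    github_user="ramimac",
    apex_a=GITHUB_PAGES_A,
    www_cname="ramimac.github.io.",   # trailing dot as dig prints it
    cname_file="www.rami.wiki\n",
)

# Constructed sample 2: the state after Pages "drops the custom domain":
# DNS is unchanged but the CNAME file is gone from the deployed site.
DROPPED = PagesConfig(
    apex="rami.wiki",
    github_user="ramimac",
    apex_a=GITHUB_PAGES_A,
    www_cname="ramimac.github.io.",
    cname_file=None,
)


def working_findings() -> List[str]:
    return check_pages_config(WORKING)


def dropped_findings() -> List[str]:
    return check_pages_config(DROPPED)


if __name__ == "__main__":
    for label, fn in (("working", working_findings), ("dropped", dropped_findings)):
        print(label, fn() or ["ok"])
```

To run it against live DNS, fill `apex_a` from `dig +short A rami.wiki`, `www_cname` from `dig +short CNAME www.rami.wiki`, and `cname_file` from the repo; the point of keeping the check pure is that the same function can be run in CI on every push, which is exactly when the thread reports the domain going missing.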