#soc2 — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #soc2, aggregated by home.social.
-
A $32M YC-backed compliance startup faces allegations of fabricating 494 SOC 2 certifications.
The structural problem: audits certify documents. Behavioral monitoring catches runtime behavior. The gap between those is what the agent at ENERGENAI LLC calls Phantom Compliance.
Behavioral monitoring: https://the-service.live?ref=mastodon-phantom-compliance
-
Love them or hate them, SOC 2 reports have become table stakes for SaaS deals. But the framework leaves the vendor in control of the system boundary and auditor selection, which means the reports vary drastically in rigor.
I wrote about what that structural gap means for vendors trying to build credible programs and buyers trying to evaluate them:
-
#SOC2 and #PCI-DSS frameworks categorize End-of-Life (#EOL) software as a business liability and immediate migration of complex stacks is often technically impossible. Josh Bressers (Anchore) and Mike Morgan (HeroDevs) will discuss on February 25 the "EOL Trap" and how to bridge the gap between security mandates and operational reality.
Expect tech talk, demos and real-world scenarios. Register today. https://go.anchore.com/solve-the-end-of-life-trap-herodevs-anchore.html
-
📣 If you're managing domains and DNS while pursuing compliance certifications, Infrastructure as Code isn't optional, it's essential 👊.
The DNSimple Terraform provider makes this possible with full domain lifecycle management, giving you the tools to manage #domains and #DNS with the same rigor you apply to other critical infrastructure.
❌ No more manual tweaks risking errors or failed reviews. 👉 https://blog.dnsimple.com/2025/12/domain-compliance-with-dnsimple/
#SOC2 #ISO27001 #Compliance #AuditReadiness, #infrastructureAsCode
-
Your private AWS VPC isn’t as safe as you think. ☁️🔓
We just released the full recording of our live workshop from Infosecurity Europe 2025.
In this session, our CEO Adrian Furtună and Product Manager Dragoş Sandu bypass the "safety" of a private network to compromise a mock healthcare infrastructure ("SynaptiCare") live on stage.
The attack chain:
1️⃣ Tunneling: Using a VPN Agent to breach the private IP range.
2️⃣ RCE: Escaping a Redis sandbox to get root access.
3️⃣ Exfiltration: Bypassing Next.js auth to dump .env keys.
4️⃣ Compliance: Automating the fix for SOC 2 evidence.
It’s a practical look at automating vulnerability validation behind firewalls.
📺 Watch the full demo here: https://pentest-tools.com/events/infosecurity-europe-2025
#Infosec #RedTeam #CloudSecurity #Pentesting #SOC2 #AWS #InfosecurityEurope
-
If you're in legal I'm sure you're interested in compliance. It is exciting after all, lol. Anyway... here are some things you need to consider when it comes to compliance and your tech.
#AI #LawFirm #GDPR #HIPPA #SOC2 #GeneralDataProtectionRegulation #HealthInsurancePortabilityandAccountabilityAct #ArtificialIntelligence #ServiceOrganizationControl2
-
📢 At RELIANOID, we follow SOC 2 Trust Service Criteria to ensure Security, Availability, Confidentiality, Processing Integrity, and Privacy across our load balancing solutions — whether on-prem, cloud, or hybrid.
Our controls align with the needs of highly regulated environments such as finance, healthcare, and government, helping our customers operate securely and confidently.
🔗 Read our full SOC 2 Alignment Statement here: https://www.relianoid.com/security-compliances/soc-2-compliance/
-
Plans, Policies, and Procedures: SOC 2
Designed to help organizations demonstrate that they have implemented appropriate controls to protect customer data and systems.
https://blackcatwhitehatsecurity.com
#Plans #Policies #Procedures #SOC2 #Programming
-
From Spreadsheets to Strategic Defense: Andrew Morton Walks Us Through TPRM Transformation https://thecyberexpress.com/third-party-risk-management-best-practices-andrew-morton/ #Multi-factorAuthentication #GovernanceRiskCompliance #ThirdPartyRiskManagement #VendorRiskManagement #ProcurementSecurity #SupplyChainSecurity #RiskBasedSecurity #TPRMBestPractices #ChemistWarehouse #Fourth-PartyRisk #VendorAssessment #VendorOnboarding #CyberEssentials #legalcompliance #VendorTiering #BusinessNews #SOC2
-
SOC 2? What's that? If you don't know what it is, then you probably need to know. And this article is going to show you what you need to know.
#Soc2 #Soc2Compliance #CloudBased #Cloud #Grc #Cybersecurity
-
-
📊 78 security pros from 14 countries joined us live to learn how to make SOC 2 prep less painful.
Now the full webinar is available on-demand.
Catch Adrian Furtună (CEO) and Dragos Sandu (Product Lead) as they show you how to:
✅ Automate scanning across hybrid cloud assets
✅ Zoom in on validated vulnerabilities that actually matter
✅ Deliver SOC 2 audit-ready reports without juggling 5 tools at the same time
Missed it live? You can still get all the insights right away; the replay is up and ready for you: https://pentest-tools.com/webinars/how-to-automate-for-soc-2
-
Chainlink Hits Compliance Milestone as LINK Active Addresses Reach 10,000 - TLDR:
Chainlink earned ISO 27001 and SOC 2 compliance, validating its security and opera... - https://blockonomi.com/chainlink-hits-compliance-milestone-as-link-active-addresses-reach-10000/ #proofofreserve #stablecoins #blockchain #pricefeeds #chainlink #linkprice #smartdata #iso27001 #fintech #navlink #oracles #crypto #defi #ccip #soc2
-
The updated security whitepaper for Passbolt v5 is now available. It explains how passbolt protects your data, including a clear breakdown of the security model based on the #OpenPGP encryption standard.
The paper also outlines how we keep the platform secure over time, from built-in risk mitigation strategies, to yearly independent code audits, to ongoing SOC 2 Type II compliance checks, and more.
Read the full whitepaper: https://www.passbolt.com/security
-
This year's SOC-2 audit is even worse than last year.
I got a not-so-technical auditor and it's hard to explain why a git repository with no code, but critical in other ways, does not have dependency CVE scan enabled.
Any recommendations for next year's SOC-2 auditor?
-
SOC 2 isn’t broken—but your expectations may be.
We’re hosting a live panel on what comes next: real risk reduction, stronger vendor trust, and why HITRUST may be the better path.
July 31st | Register: https://www.crowdcast.io/c/beyond-the-checkbox-rethinking-soc-2-cybersecurity-and-third-party-risk-in-2025-an-itspmagazine-webinar-with-hitrust
-
Excalidraw finally got its SOC 2 sticker, 🤡 not because it cares about #security, but because filling out #endless #questionnaires is #hard work! 📝🔒 Now they can rest easy until the next shiny #certification we collectively pretend to understand. 🚀🎉
https://plus.excalidraw.com/blog/excalidraw-soc2 #Excalidraw #SOC2 #work #HackerNews #ngated
-
Excalidraw wrote about its journey to SOC 2 Type 1 compliance and why SaaS companies would want to become certified.
I participated in SOC 2 compliance efforts at a few companies. It forces best common practices to be affirmed within organizations and is useful for getting those “we know we should but don’t” tasks prioritized.
https://plus.excalidraw.com/blog/excalidraw-soc2?ref=activitypub
-
From scanning ports to structuring security programs that meet real-world demands, this book helps practitioners level up from technical know-how to strategic capability.
It bridges foundational knowledge with practical security leadership. Designed for those who build, defend, and explain security every day.
https://nostarch.com/foundationsinfosec
#infosec #cybersecurity #securityengineering #nmap #SOC2 #compliance #devops #securityculture
-
Our latest #opensource drop: https://github.com/chainguard-dev/acls-in-yaml
As part of #SOC2 #compliance, we've been using this to run monthly #audit reviews of our ACLs across SaaS platforms: #GCP, #Slack, #Vercel, etc.
acls-in-yaml dumps #ACLs from each platform into a consistent and neutral #YAML format, which makes it easy to visualize change over time.
We use this by committing the result into a #Github repo and getting the PR reviewed by the admins for each system.
PS: ACL change alerts are also awesome!
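The review workflow in the post above (snapshot ACLs into a neutral format, commit, have admins review the diff, alert on change) boils down to comparing two point-in-time snapshots and surfacing the grants a reviewer must look at. The script below is an added example written for this page; it is not code from the acls-in-yaml project, and the snapshot shape (a `platform` key plus a `users` list with `email`, `role` and `mfa` fields), the sample principals and the set of roles treated as privileged are all constructed assumptions. The snapshots are written as JSON, which is a subset of YAML 1.2, so the standard library parses them without PyYAML.

```python
"""ACL drift review: diff two ACL snapshots and flag the changes an auditor or
admin reviewer should not wave through (new privileged grants, MFA dropped)."""
import json
from dataclasses import dataclass

# Constructed sample snapshots for illustration (not real acls-in-yaml output).
# They are JSON, which is valid YAML 1.2, so json.loads stands in for a YAML loader.
SNAPSHOT_PREVIOUS = """
{
  "platform": "example-saas",
  "users": [
    {"email": "alice@example.com", "role": "owner",  "mfa": true},
    {"email": "bob@example.com",   "role": "member", "mfa": true},
    {"email": "carol@example.com", "role": "member", "mfa": false}
  ]
}
"""
SNAPSHOT_CURRENT = """
{
  "platform": "example-saas",
  "users": [
    {"email": "alice@example.com", "role": "owner",  "mfa": true},
    {"email": "bob@example.com",   "role": "admin",  "mfa": true},
    {"email": "dave@example.com",  "role": "member", "mfa": false}
  ]
}
"""

# Assumed role names; adjust per platform.
PRIVILEGED_ROLES = {"owner", "admin"}


@dataclass
class Finding:
    kind: str             # "added", "removed" or "changed"
    principal: str        # the user the finding concerns
    detail: str           # human-readable description of the change
    needs_attention: bool # True when a reviewer must explicitly sign off


def load_snapshot(text: str) -> dict:
    """Parse a snapshot and index its users by e-mail for O(1) lookup."""
    data = json.loads(text)
    return {user["email"]: user for user in data["users"]}


def diff_snapshots(previous_text: str, current_text: str) -> list:
    """Return one Finding per principal whose access differs between snapshots."""
    prev = load_snapshot(previous_text)
    curr = load_snapshot(current_text)
    findings = []
    for email in sorted(set(prev) | set(curr)):
        before, after = prev.get(email), curr.get(email)
        if before is None:
            # New principal: privileged role or missing MFA warrants a second look.
            risky = after["role"] in PRIVILEGED_ROLES or not after["mfa"]
            findings.append(Finding("added", email,
                                    f"role={after['role']} mfa={after['mfa']}", risky))
        elif after is None:
            # Removals reduce access; record them, but they need no sign-off here.
            findings.append(Finding("removed", email, f"role={before['role']}", False))
        else:
            changes = [f"{key}: {before[key]} -> {after[key]}"
                       for key in ("role", "mfa") if before[key] != after[key]]
            if changes:
                escalated = (after["role"] in PRIVILEGED_ROLES
                             and before["role"] not in PRIVILEGED_ROLES)
                mfa_dropped = before["mfa"] and not after["mfa"]
                findings.append(Finding("changed", email, "; ".join(changes),
                                        escalated or mfa_dropped))
    return findings


def render_review(findings: list) -> str:
    """Format findings as a plain-text review table, attention items first in the eye."""
    lines = []
    for finding in findings:
        flag = "REVIEW " if finding.needs_attention else "       "
        lines.append(f"{flag}{finding.kind:<8}{finding.principal:<22}{finding.detail}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_review(diff_snapshots(SNAPSHOT_PREVIOUS, SNAPSHOT_CURRENT)))
```

In the workflow described in the post, the two snapshot strings would be the committed file and the freshly dumped one, and the `needs_attention` flag is what a PR check or change alert would key on: a role change to `admin` or a new account without MFA blocks the merge until the system's admin signs off, while plain removals are recorded for the audit trail without demanding attention.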