Does SOC2 itself require that or just yours? I'm not too familiar with SOC2 but I know ISO 27001 quite well, and there's no PR specific "requirements" to speak of. But it is something that could be included in your secure development policy.

▲

badgersnake 8 hours ago | parent [-]

Yeah, it’s what you write in the policy.

	▲	swiftcoder 8 hours ago \| parent [-]
		And it's pretty common to write in the policy, because its pretty much a gimme, and lets you avoid writing a whole bunch of other equivalent quality measures in the policy.