| ▲ | alexpotato 3 hours ago | |
> Regulatory frameworks like SOC 2 and HIPAA require audit trails and evidence retention Sidebar: Having been part of multiple SOC audits at large financial firms, I can say that nothing brings adults closer to physical altercations in a corporate setting than trying to define which jobs are "critical". - The job that calculates the profit and loss for the firm, definitely critical - The job that cleans up the logs for the job above, is that critical? - The job that monitors the cleaning up of the logs, is that critical too? These are simple examples but it gets complex very quickly and engineering, compliance and legal don't always agree. | ||
| ▲ | Ucalegon 2 hours ago | parent | next [-] | |
Thats when you reach out to your insurer and ask them their requirements as per the policy and/or if there are any contractual obligations associated with the requirements which might touch indemnity/SLAs. If it does, then it is critical, if not, then its the classic conversation of cost vs risk mitigate/tolerance. | ||
| ▲ | a13n 3 hours ago | parent | prev | next [-] | |
depends, if you don’t clean up the logs and monitor that cleanup will it eventually hit the p&l? eg if you fail compliance audits and lose customers over it? then yes. it still eventually comes back to the p&l. | ||
| ▲ | hsbauauvhabzb 2 hours ago | parent | prev [-] | |
And in the big scheme of things, none of those things are even important, your family, your health and your happiness are :-) | ||