throwaway2016a 4 hours ago

There are a lot of serious allegations in here. But some of these complaints apply to most SOC 2 compliance services. For example: it points out that Delve provides pre-filled documents and encourages you to accept them as is. In my experience that is typical. I have seen companies just rubber stamp pre-created documents that describe IT processes that do not accurately reflect actual policy because the MBA[1] running the project didn't want to pull in IT and had no idea what any of it meant.

[1] No offense to MBA, just using it as a placeholder for: business stakeholder with no IT background.

hrimfaxi 4 hours ago | parent | next [-]

Giving you template device management policies is one thing, it's a whole other thing to say you don't have to have board meetings and generating fake minutes.

throwaway2016a 4 hours ago | parent | next [-]

100%, accepting pre-generated board meeting notes is egregious. This whole thing is awful and I am in no way defending it. The opposite, I think other compliance-as-a-service companies need to be scrutinized as well.

x0x0 4 hours ago | parent | prev [-]

If you aren't either having the minimal meetings or written consents per the requirements for the Delaware C, something outside Delve's hands has gone off the rails...

whatinthenote 2 hours ago | parent | prev [-]

Doesn't seem like a problem with SOC 2 compliance, seems like a problem where a company appointed someone who is not suited to handle a SOC 2 project.

As for the pre-filled stuff, that's what other SOC 2 companies mean when they try to sell you "compliance in a box." Not that bad if the company is starting from scratch (<1 year), but not realistic for a company that has an existing IT footprint.

However, the allegation here is that it is fraud. An "AI" company acting as a front for certification mills.