I wish some of the privacy focused GA alternatives had SOC 2 reports, or ISO 27001. We’re working towards our first SOC 2, which makes it hard to incorporate anything without one into our product.
On prem is a lot of work, and not something I want to approach lightly.
Yes it’s a huge racket that likely does little to solve the problems it was enacted to prevent. But have you tried making deals with large SOC2 companies without your own certification?
Having gone through ISO 27001 and PCI DSS level 2 I kind of assumed all of these security focussed compliance standards are just that. Anyone have any exceptions?