1. amsull+(OP)[view] [source] 2020-04-14 16:28:41
Hi! Any perspective of extending SOC2 Report access to the Teams level? Small companies in regulated environments aren't able to jump to enterprise ($$$) so need to look elsewhere to get a SOC2-compliant version control system at a decent price. Love the GitHub product so it was tough when we had to make the decision to move off of it.
replies(1): >>grinic+n
2. grinic+n[view] [source] 2020-04-14 16:30:17
>>amsull+(OP)
I don't work at GitHub, but I believe if you reach out to GitHub Support and sign an NDA they can provide you the SOC-2 report. (Most vendors will do this.)
replies(1): >>amsull+x
3. amsull+x[view] [source] [discussion] 2020-04-14 16:31:09
>>grinic+n
We reached out and were told we would need to upgrade to the enterprise version. (This was probably 5 months ago, before they announced a few startup-friendly offerings.)
replies(1): >>static+jh
4. static+jh[view] [source] [discussion] 2020-04-14 17:46:09
>>amsull+x
I'm curious why you need the SOC2 report itself instead of some sort of signed statement of compliance. The details of the SOC2 don't seem like they should be important?
replies(1): >>grinic+lH
5. grinic+lH[view] [source] [discussion] 2020-04-14 19:50:30
>>static+jh
When you're going through SOC-2, your auditor will ask for the SOC-2 report of each critical vendor.
replies(1): >>tomsch+Aa1
6. tomsch+Aa1[view] [source] [discussion] 2020-04-14 22:50:39
>>grinic+lH
If you're at that level of auditing I'd expect your company has enough cash to fork over for GHE.