zlacker

[parent] [thread] 4 comments
1. grinic+(OP)[view] [source] 2020-04-14 16:30:17
I don't work at GitHub, but I believe if you reach out to GitHub Support and sign an NDA they can provide you the SOC-2 report. (Most vendors will do this.)
replies(1): >>amsull+a
2. amsull+a[view] [source] 2020-04-14 16:31:09
>>grinic+(OP)
We reached out and were told we would need to upgrade to the enterprise version. (This was probably 5 months ago before they announced a few startup friendly offerings)
replies(1): >>static+Wg
◧◩
3. static+Wg[view] [source] [discussion] 2020-04-14 17:46:09
>>amsull+a
I'm curious why you need the SOC2 report itself instead of some sort of signed statement of compliance. The details of the SOC2 don't seem like they should be important?
replies(1): >>grinic+YG
◧◩◪
4. grinic+YG[view] [source] [discussion] 2020-04-14 19:50:30
>>static+Wg
When you're going through SOC-2, your auditor will ask for the SOC-2 report of each critical vendor.
replies(1): >>tomsch+da1
◧◩◪◨
5. tomsch+da1[view] [source] [discussion] 2020-04-14 22:50:39
>>grinic+YG
If you're at that level of auditing I'd expect your company has enough cash to fork over for GHE.
[go to top]