AWS'? SOC 2 isn't also yours

AWS' SOC 2 isn't also yours

Eric Martin Eric Martin

Eric Martin

Head of Sales at Vanta - we're hiring!

发布日期: 2020年3月11日
+ 关注

A few times a week, we get "not interested" email replies from smaller prospects who tell us that they don't need a SOC 2 because "it's covered" by one of their vendors.

The most common vendors that folks like to call out are AWS and Google Cloud.

It's great (and true) that those companies have their own SOC 2 reports, but just because they've put in the work doesn't mean that you're in the clear.

There are "carve-outs" tied to using managed vendors (meaning you will have fewer SOC 2 controls), but those represent a small percentage of the work that's involved.

For example, you might have 100 controls in your entire SOC 2 report, and the following might be the only ones that you can "carve-out" because you rely on AWS:

No alt text provided for this image

As an early-stage company trying to tap dance around SOC 2 requirements, I encourage you to try using the "we use managed vendors" line - but be wary of prospects who accept it.

Will Fraser

Growing the partnership economy through customer advocacy

5 年

Eric well said. We see competitors try to use this all the time. Thankfully the Enterprise security teams see right through it. However, there are a lot of smaller companies that don’t know better.
回复
1 次回应

要查看或添加评论,请登录

Eric Martin的更多文章

  • The Sales Coaching Program at Vanta
    2021年12月7日

    The Sales Coaching Program at Vanta

    If you're any kind of sports fan, you appreciate that it takes a full coaching staff with a wide range of specialties…

    8 条评论
  • The SOC 2 Type I Myth
    2019年10月3日

    The SOC 2 Type I Myth

    If you work for a mature B2B company who handles sensitive data or sells into the enterprise, odds are that you already…

    1 条评论
  • Thank you DataFox, hello Vanta
    2019年7月9日

    Thank you DataFox, hello Vanta

    During my last few months at DataFox, I saw the biggest deal of my sales career go sideways - because we didn't have a…

    11 条评论
  • Why can't you Share Lists in Sales Navigator?
    2018年12月21日

    Why can't you Share Lists in Sales Navigator?

    I recently uncovered two really cool use cases for LinkedIn Sales Nav for Inside Sales teams. This post touches on the…

    7 条评论
  • Sales Troll Patrol - How to Spot Them
    2018年4月26日

    Sales Troll Patrol - How to Spot Them

    Internet trolls are the worst. Train your sales frontline as much as you want on how to pick them out, but a few will…

    1 条评论
  • Are You Even Scoring Your Accounts?
    2018年4月16日

    Are You Even Scoring Your Accounts?

    Our April Sales Ops meetup theme was Account Scoring and Prioritization, and our All-Star speakers were Laura Kornacka…

    1 条评论
  • Women in Sales Ops: One Team, One Dream
    2018年4月3日

    Women in Sales Ops: One Team, One Dream

    Our March Sales Ops meetup theme was Women in Sales Ops. We invited three accomplished women to come speak about their…

    1 条评论
  • The Rise of Revenue Ops
    2018年2月20日

    The Rise of Revenue Ops

    February’s SF Sales Ops meetup theme was: The Rise of Revenue Ops. For the meetup, we brought three local revenue…

  • Will 2018 Mark the End of the Robo-Rep?
    2018年1月16日

    Will 2018 Mark the End of the Robo-Rep?

    At our Sales Operations Meetup last week, Pete Kazanjy and Dan Smith joined me in front of 100 sales professionals to…

    2 条评论
  • Sell your Success Team
    2017年11月28日

    Sell your Success Team

    At DataFox, the second that a deal closes, the customer relationship is taken over by one of our customer success…

社区洞察

其他会员也浏览了