Ask HN: ISO/SOC2 Certifications
5 points by js4ever on Sept 9, 2023 | 8 comments
Hey dear HN community, more and more of our (enterprise) customers are asking for ISO27001 / SOC2 certifications.

Do you have any recommendations about where to start?



Get a demo from Vanta, SecureFrame and Drata, pick one and they’ll hold your hand throughout the process. It’s not cheap (even without using one of those), but it makes life easy.


I've had a good experience with Vanta. They help automate infra related controls which is huge when you come from manual screenshot hell that SOC2 can be.


I found Vanta (best SEO on this topic). Thanks for the other names, will do. What's the price to expect for both ISO 27001 and SOC2?


It’s going to differ a lot based on the size of your company and the auditor you end up picking. If I had to guess you’re looking in the 30-80k range for everything.


I've briefly met a couple of the guys who work at Vanta and they seemed smart and variable. Ymmv, of course.


I have seen ISO 27001 implemented twice, both times it was led by someone who knew the game (each time it was a different person). I don't know the budget, but from what I have seen, having these guys who knew the drill was crucial.


Some auditor recommendations from personal experience -

The top tier is Coalfire and Schellman, but you are looking at $100k in auditor fees. More affordable is BARR and A-LIGN. If you are happy to have multiple vendors, KPP for SOC2 and BSI for ISO.


Thanks, will check them.



