
By all means use tools like these, but be very careful, because they (and auditors that use them) will lead you into engineering changes that are not required for SOC2 and may not be what's best for your team. For instance: there is absolutely no need to set up PHI scanning or a WAF to get SOC2.


My startup has to maintain a HIPAA cert, hence PHI scanning. But, you are correct.


I'm a few years out of date, but I don't believe that any sort of PHI scanning is specifically required by HIPAA either, though I've seen plenty of consultancies happy to sell you it.



