November 22, 2020.
Recently I’ve been chatting more with Chris Stobie, Calm’s Engineering Director of Infrastructure (obligatory, come work with us!), about how we can get more value from our compliance work. As any company starts selling and partnering with larger companies, the size and quantity of security reviews increase, and fulfilling some of the better-known security regimes is the most reliable way to reduce that overhead.
To learn a bit from the community, I tweeted out, curious if folks thought highly of the various related compliance tools and platforms out there, and I've collected the notes here.
Have any of you used something like eg Vanta to reduce overhead of SOC 2, ISO 27001 and HIPAA? Better than ye olde spreadsheet? How *much* better?
— Will Larson (@Lethain) November 19, 2020
Some of the considerations to think about:
Most commonly used tools:
Open source tools:
Some useful links and such from the responses: