undefined | Better HN

0 pointsnradov3y ago0 comments

Wrong again. That law only covers financial controls. It doesn't address user data.

0 comments

SOX compliance has expanded in recent years to cover a gamut of Cybersecurity process and policy. Go look it up. I recently compiled all the documentation necessary for a client I am serving in order to pass. It includes handling of PII, access controls for code repositories and production environments, and tools for ensuring code quality like performing static analysis and mitigating DDOS attacks such as a decent WAF.

nradovOP3y ago

Yes I have looked it up and you obviously have no clue what you're talking about. The law is the law, and regardless of what nonsense some random corporate trainer might have fed you, SOX compliance requirements haven't expanded in recent years. Go read the actual law instead of spreading misinformation.

Some businesses do require their partners to have additional controls on PII handling. But that's purely a business issue and has no relationship to SOX.

weard_beard3y ago

This is in the medical and recreational marijuana space which may have additional Reqs, but I am telling you exactly what the auditors themselves are asking for. I'm not talking out of my ass here.

1 more reply

j / k navigate · click thread line to collapse

0 comments

weard_beard3y ago

nradovOP3y ago

Some businesses do require their partners to have additional controls on PII handling. But that's purely a business issue and has no relationship to SOX.

weard_beard3y ago

This is in the medical and recreational marijuana space which may have additional Reqs, but I am telling you exactly what the auditors themselves are asking for. I'm not talking out of my ass here.

1 more reply

j / k navigate · click thread line to collapse