
Besides WorkOS being stupid expensive as far as I can see, the compliance requests we get go far beyond that.

It includes our development practices, internal security, who has physical access to stuff and so on. And it's never the same, and they usually won't do any work themselves so we have to figure out how our situation maps to their 2000 custom questions.



Or you quit excusing your half-assed practices, put on your big boy pants and do the work to get ISO27001 certification.


We're on our way but it's a lot to do, especially as a more mature company.

If you're a startup, it might be beneficial to study ISO27001 early on, so you avoid relying on things which are difficult under ISO27001.

Anyway, my point was that just relying on WorkOS won't help that much in answering the security questionnaires.



