Mike DeKock on Building Competitive Advantage

There is nuance to this question, and other well-meaning and very smart people that I respect might give a different answer. But within the volumes of literature that set the standards, the true answer is this: There are absolutely no control requirements for SOC 2 reports.

The word "compliance" might make startup founders shudder as they think of onerous, time-consuming processes, but it doesn't have to be that way.

It’s natural to feel pressure from your organization's SOC 2 exam. There are people counting on it, the expectations are not always clear, and the idea of potential “failure” will always introduce stress… but it doesn’t need to be that way.