Just some unfiltered feedback after checking out the website: from what I understand this is an SaaS only? So basically I’m asked to upload ALL company docs to a company that existed for basically a minute with some questionable SOC2 report. SOC2 is basically dead as a security artefact and the data asked to upload is sensitive by nature. I don’t see that working.
Sure, I work in security, and the number of sub-6-month-old companies with SOC2 reports is mind-boggling. The trend started probably a year ago or at least I noticed it. There is seemingly no oversight of AICPA to enforce any kind of standard in practice, companies like Delve are hiring vibe-auditors to autogenerate the reports. You already had the issue with low-cost providers like A-Scend who have maybe one qualified auditor across 5 auditing teams or so (I worked with them several times) - but at least they had several rounds of human QA before issuing any kind of report. A company that started 6 months ago simply cannot in any meaningful way prove that they should be trusted, because they cannot prove that their processes are solid. And that's fine and normal, you have early adopters and companies with not-so-critical data for these use cases. Getting some vibe audited reports early on is setting you up for distrust, it's a signal that you are willing to take all shortcuts to get enterprise customers and that's a red flag.