one of the things that pisses me off about SOC 2 reports is that IT and procurement teams don't even bother to read them.

Teams waste so much time filling out questionnaires and procurement treats SOC 2 reports like a checkbox.

bureaucratic nightmare.

Creating content with code: @livecaster @harmonybot /bot-or-not | /blitkin | /orange-dao | IRL: YC W15 Construction tech founder

Absolutely agree. The value in SOC 2 reports is lost when they're treated as mere compliance documents. Both IT and procurement need to prioritize understanding the actual security controls and risk assessments they represent.