How to Comply
LaunchDarkly recently pursued SOC Type 2 compliance, which had significant impact on their engineering operations and development teams. The process was made easier due to the founding engineering team's experience and philosophy. It is recommended that businesses view certification criteria as benefits of good business practices rather than just a means to sell into certain customers or verticals. Key security principles include least privilege access, limiting data collection, using multi-factor authentication, planning for employee onboarding and offboarding, incorporating account context in logs, building for failure, keeping documentation up to date, and making security part of the company's foundation and culture.
Company
LaunchDarkly
Date published
Aug. 21, 2017
Author(s)
Adam Zimman
Word count
1437
Language
English
Hacker News points
None found.