Once again fighting with the #soc2 auditors because they don't understand EDR/XDR vs basic AV.
The auditors make vague requests and then disappear for a few days before replying with even murkier responses.
They reject reports even though some systems only have the option of outputting to a .csv file, even with screenshots of the parameters included.
How do I show that a spreadsheet has been only shared on a need-to-know basis??
Not sure if this level of tedium is the norm for a soc2 type II engagement but this has been the most frustrating thing I've worked on all year.
John H "looking for work"
in reply to Mr. Crab - Sysadmin from Heck
My favorite auditor experience wasn't for SOC2 but it shares your frustrations. This was probably 12 or 13 years ago.
Auditor comes in and starts asking for proof that we are running anti-malware software. So we showed him some reports and some scans showing the agent was running on all our workstations and servers.
Well, this guy starts asking why we don't have antivirus software running on our routers and switches. We try to explain to him that there is no such thing and that the networking gear doesn't have the capability or requirement to scan for viruses. He insisted that AV vendors have a product for networking gear.
We even reached out to our networking gear provider and got an email from them saying there was no such thing.
He still gave us a negative assessment on that part of the audit.