Founders who went through SOC 2 / ISO 27001 — what was the most painful part?

Talking to a few founders lately about SOC 2/ISO 27001 and trying to understand

the real experience (not the marketing-page version from Vanta/Drata).

If you've been through it (or are avoiding it), curious about:

- Did you do it yourself, hire a consultant, or use a platform?

- What actually took the most time / was the most annoying part?

- Did a specific deal or investor actually require it, or was it "nice to have"?

- If you haven't done it yet — what's stopping you? Cost, time, or just not

knowing where to start?

Not selling anything, just trying to understand the real pain points before

building/recommending anything in this space. Happy to share what I find back

in the thread.

reddit.com
u/Weary_Net7839 — 9 hours ago
▲ 2 r/WGUCyberSecurity+1 crossposts

Founders who went through SOC 2 / ISO 27001 — what was the most painful part?

Talking to a few founders lately about SOC 2/ISO 27001 and trying to understand

the real experience (not the marketing-page version from Vanta/Drata).

If you've been through it (or are avoiding it), curious about:

- Did you do it yourself, hire a consultant, or use a platform?

- What actually took the most time / was the most annoying part?

- Did a specific deal or investor actually require it, or was it "nice to have"?

- If you haven't done it yet — what's stopping you? Cost, time, or just not

knowing where to start?

Not selling anything, just trying to understand the real pain points before

building/recommending anything in this space. Happy to share what I find back

in the thread.

reddit.com
u/Weary_Net7839 — 1 day ago