Founders who went through SOC 2 / ISO 27001 — what was the most painful part?
Talking to a few founders lately about SOC 2/ISO 27001 and trying to understand
the real experience (not the marketing-page version from Vanta/Drata).
If you've been through it (or are avoiding it), curious about:
- Did you do it yourself, hire a consultant, or use a platform?
- What actually took the most time / was the most annoying part?
- Did a specific deal or investor actually require it, or was it "nice to have"?
- If you haven't done it yet — what's stopping you? Cost, time, or just not
knowing where to start?
Not selling anything, just trying to understand the real pain points before
building/recommending anything in this space. Happy to share what I find back
in the thread.