Hey everyone! I’d love to hear your thoughts on SOC 1 applicability for organizations that are neither financial service providers nor traditional cloud infrastructure providers. Are you seeing auditors of public companies increasingly requesting SOC 1 reports from non-financial application service providers? Curious whether this is becoming a pattern or still relatively rare.
Separately, my understanding is that Vanta doesn’t offer a “ready-to-go” SOC 1 framework, is that correct? If so, what’s the recommended approach - building a custom framework?
