Posted by Kimmo Koivisto
We sometimes receive inquiries from our customers about why we have an ISO 27001 certificate but not a SOC 2 attestation. We feel that they are competing standards with a lot of similarities. Both are targeted at improving information security management, and they share multiple requirements. While they overlap, they also differ. Below is our take on the differences and why we feel ISO 27001 is more suitable for us.