We're excited to announce that we'll be joining the One Trust family! Together we'll help companies get certified, build trust, and win deals. Find out more about it here on the Helm or check out our official press release. Feel free to leave a comment or question regarding the big news.

Ask an Auditor Office Hours #5

Welcome back to our Ask an Auditor hour!

As the end of the year approaches, we will be switching to Bi-weekly hours, however, we encourage you to leave a question for us at any time and we'll get back to you as soon as we can!

Every second Wed from 1-2pm PT, someone from either the Security Labs or Customer Success teams will be on deck for one hour to answer any and all Qs you may have.

This week we're having the Labs Team field your questions.

Here's how to participate:

  1. Submit your Qs in this discussion thread, and go about your day! Or, you can stay on during the hour (1-2pm PT) and submit as many Qs as you'd like.
  2. We will write out an answer to you as soon as we can, and tag you in our answer.
  3. Submit your Qs even when office hours are over - Someone from CS/Labs will answer your Q when they can.

We look forward to hearing from you and hope we can help you out!


  • For SOC2 OM2.5 - Board Responsibility and Independence evidence collection List of Board of Directors and Minutes of Meeting. Is there a scenerio where this doesn't apply to a company and can be ignored for the SOC2?

  • Hey @george_vanderbush ! I reached out to our labs team and got their take on this:

    Part of the control is applicable. If you do not have a Board of Directors independent of management, this control does not apply, but the senior management/executives quarterly meeting and oversight of internal control is applicable. You could probably change the wording to reflect that in your control environment - Organizations without BOD can change the control language with this compensating control: Executive management meets on a quarterly basis for oversight of internal controls, operations and business objectives.