July 7, 2021

Is using a vendor’s agent tool for your SOC 2 safe and legit?

I’ve been seeing a bunch of startups cropping up that offer “SOC 2 made easy” solutions. But what I’m finding they have in common (with the exception of a few) is that they require the user to install their agent tool on their workstation in order to access their 3rd party data. This seems like a huge security and privacy risk since you don’t know what information is going through their agent tool and what’s being done with it. Has anyone else encountered similar issues with respect to agent tools and not having visibility? Any advice on how to ensure you can protect your company’s data when using these tools?



There’s really no difference between this tool and any other 3rd party software you install. Whatever your process is to assess and accept things like backup agents, AV/Endpoint Security, DLP or even an OS is you should follow that.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.