But how is this related to the internet being archivable? This sort of proves the point that URLs were always a terrible idea to reference in your compliance docs, the answer was always to get the actual docs.
replyIME compliance tools will take a doc and or a link. What's acceptable is up to the auditor. IMO both a link and doc are best.
replyLinks alone can be tempting as you've to reference the same docs or policies over and over for various controls.
Wayback machine URLs are much more likely to be stable.
replyEven if the content is taken down, changed or moved, a copy is likely to still be available in the Wayback Machine.
I would never rely on this vs just downloading the SOC2 reports, which almost always aren't public anyways and need to be requested explicitly. I suspect that that compliance page would have just linked to a bunch of PDF downloads or possibly even a "request a zip file from us after you sign an NDA" anyways.
reply