Giving you template device management policies is one thing, it's a whole other thing to say you don't have to have board meetings and generating fake minutes.
reply100%, accepting pre-generated board meeting notes is egregious. This whole thing is awful and I am in no way defending it. The opposite, I think other compliance as a service companies also need to be scrutinized as well.
replyIf you aren't either having the minimal meetings or written consents per the requirements for the delaware C, something outside Delve's hands has gone off the rails...
replyDoesn't seem like a problem with SOC 2 compliance, seems like a problem where a company appointed someone who is not suited to handle a SOC 2 project.
replyAs for the pre-filled stuff, that's what other SOC 2 companies mean when they try to sell you "compliance in a box." Not that bad if the company is starting from scratch (<1 year), but not realistic for a company that has an existing IT footprint.
However, the allegations here is that it is fraud. An "AI" company acting as a front for certification mills.