Sometimes tagging the team helps. I know Data can be managed differently from app to app so I’m curious if the platform as a whole would be considered compliant or if each one has to audited based on use of privacy rules.
What about SOC 3 compilance in the similar case? And what is the key difference in compare with SOC 2? According to this sourse and many others I’ve read that security control focus works again at a specific time point. Is it true?