Chapter 7 of 14
Compliance Review
Tuesday May 12
Janelle has a six-page vendor risk questionnaire she runs on every platform Tideline adopts.
Beat
15
#15Whale's security/compliance team raises questions
Scott walks Janelle through TC's security posture: SOC 2 Type I in progress (target July 2026), Type II on track for July 2027. Multi-tenant architecture per 4.6: Tier 2 enterprise parent isolated from Tier 3 child MSP tenants; cross-tenant data leakage controls verified by penetration test in Q1 2026. AI provider stack documented. Data retention. Subprocessor list. IR plan. BC/DR.
JF
Janelle Foster · CISO
I'll send my full questionnaire. Get me the answers in five business days and I can have my recommendation to Hank by end of next week.
SP
Scott Pfeiffer · Chief of Staff
You'll have it Friday.
Audit gap · SOC 2 gap-window letter
TC does not currently have a standard "gap-window letter" — used during the period between Type I attestation start and final report. Recommend Scott + Eric draft this template before the next whale enters compliance phase.
Loading…
Add your name to post