A SOC 2 requirement is to have a confidential reporting channel available to employees and external users to report security, confidentiality, integrity, and availability concerns. This requirement is typically met by posting an email on your security page and directing users to email you at security@[domain].com.
If your company uses GSuite, we recommend creating a simple Google Group or an alias for your engineering team. An example of a security email is firstname.lastname@example.org or an equivalent.
Article is closed for comments.