Author here: weird, I've never experienced that (10+ years doing this silly exercise, on both sides).
Various vendors have offered their own compliance frameworks - PCI reports, SOC2, whatever -- and I'm happy to read those instead; they tend to have (most of) what I'm looking for. I've never been charged for the pleasure, though. Guess I have something to look forward to!
Various vendors have offered their own compliance frameworks - PCI reports, SOC2, whatever -- and I'm happy to read those instead; they tend to have (most of) what I'm looking for. I've never been charged for the pleasure, though. Guess I have something to look forward to!