26Ara
SOC2: how would a sole-person business comply with pull request requirement?
My very superficial understanding is that for SOC2 compliance, every change must be reviewed so that no one person can make production changes without someone else being involved.
How would that work in a company with one person? Similar if you have two people but sometimes one person is sick. Are you meant to just not ship changes until they are able to work again?
I assume there is some caveat that would allow the single developer to continue functioning. What is that caveat?
