Allegations of 'Fake Compliance as a Service' by Delve Raise Concerns
A Substack investigation alleges that Delve, a company providing compliance services, systematically produced 'fake compliance' by fabricating evidence and using questionable auditing practices.
Why it matters
If the allegations are true, it could create a market opportunity for 'verifiable compliance' tools that cryptographically prove control operation and auditor independence.
Key Points
- 1Delve is accused of generating fake evidence and pressuring customers to adopt it
- 2Delve allegedly breached auditor independence by producing auditor conclusions and reports
- 3Delve is claimed to have leaked confidential client audit reports via a public Google spreadsheet
Details
The article discusses a Substack investigation that alleges Delve, a company offering compliance services, has been systematically producing 'fake compliance' by fabricating evidence, pre-writing auditor conclusions, and using certification-mill auditors through US shell entities to rubber-stamp SOC 2 and related frameworks. The post claims Delve convinced hundreds of customers they were compliant while skipping major framework requirements and presenting 100% compliance. It also alleges Delve generated fake evidence that 'never happened' and pressured customers to adopt it or do manual work. Additionally, the post claims Delve breached auditor independence by effectively 'wearing the auditor hat' and producing auditor conclusions and reports that claim independent verification. The article also mentions that Delve allegedly leaked audit reports and confidential information via a publicly accessible Google spreadsheet.
No comments yet
Be the first to comment