Delve

Pros: Their process is ridiculously easy and simple, and even though their promise to get you compliant within days is a complete fiction, it is still pretty fast, which is mostly the result of ignoring important compliance requirements and cutting corners.

Cons: What makes them great is also what makes them a bad choice for any company that wants to do a decent job. They are fast, but they do the absolute bare minimum or less in most places.

I can understand why some founders who have never gone through this process before would say this is the easiest solution, most of them got a SOC 2 report at the end of the minimal process after all (probably with an exception or two, which Delve loves to dismiss once it happens), but they simply don't understand they're only ticking about a third of the boxes partners generally require.

Overall: Overall this was a pretty negative experience, which surprised me since I've been seeing great things being written about them on socials. Reps from other companies warned us specifically against going with them, because they were allegedly known for their false claims, bad product and report rejection rate.

Delve's sales rep ensured me this was just fear mongering from competitors because Delve was winning from them, and asked me why companies like Lovable and Bland would choose them if they were so bad.

When I asked them about the quality of their auditors they rattled off a list of auditors they claim are reputable, and that they have never had a problem with them. I picked one of the more well-known ones out of that list, and guess what? We had a sizeable number of exceptions and ended up needing to have another audit performed. I bet if we had gone with their lesser known auditors the report would have come out squeaky clean.

I made the mistake of believing them, thinking they were young founders and builders, but that ended up being a big mistake. I actually don't understand why companies like Lovable and Bland would use them, since there is no way they did SOC 2 well using Delve.

Pros: Their responsiveness was impressive, though the quality of their answers were not. The product looks pretty good in terms of design.

Cons: Their AI didn't automate nearly as much as they make it out to be. They lack many important integrations, and the ones they have break all the time. Their remediation LLM made up incorrect and dangerous instructions on multiple occasions.

Overall: Felt like a shallow product that is riding the AI hype wave and pretending to automate the future. The reality is that you end up having to do more manual work than with some of the other platforms out there. We chose them because they were the cheapest and because they claimed to have everything other platforms have as well.

Pros: The Delve team got us across the finish line for HIPAA really fast, and we had to do very little on our end.

Cons: The whole experience felt rather shallow.. they gave us policy templates but we actually never read them. We got a pentest, but it lacked depth.
Whenever we had technical security questions we never felt like we actually got a good answer.

Overall: Decent platform if you are looking to get compliant ASAP and need a team to do it for you. It feels like a lot of handwaving, but if you don't care about that then Delve is an alright option.