I have been through this as well.
My client accounts for 90% of my current work, but my laptop contains information about many other clients. Due to the excessive access and control that their spyware requires (Cortex XDR with complete remote access capabilities in this case), I was unable to use the same computer that I use for all other work. I have no choice but to use a separate computer unless I'd be willing to hand over all the information and assets I have for other clients, which I am not.
In my case, the client was able to provide me a machine specifically to use with them.
I would say that this is the new norm if you're doing long-term engagements with any company that pursues SOC2.
No comments yet.