Twitter isn't an operational dependency of ours and we don't attest to it at all.
It also doesn't require we do that: what SOC2 actually demands of vendor security practices is much more complicated (and performative) than that. If Twitter were a real vendor dependency of ours, most of what we'd need would be a SOC2 attestation from them.
Given the CEO's responsibility for starving children to death through his political activities, there's an argument for not having any dependency at all on Twitter.
