Very good post. This ticks all the boxes on the fundamentals when spinning up a security program.
SOC2 Type2 is really where you want to be, but it takes time. Navigating compliance for startups is pretty challenging, and I see so many not having a clue how to navigate sales without certs, but it's super doable, and getting these things finished gets you pretty far along towards SOC2 Type1, and shows a lot of goodwill to share these practices even _before_ you have any certs.