SOC2 without the usual paywall – it is free and open source
github.com
Hey everyone,
Over the last months, I built an open-source solution for compliance. The platform is still early stage, but it is already serving a few customers.
SOC 2 is the first framework with which we started, and as it is mainly good practice (especially early on), I believe it should be openly accessible.
So if it can help you out, feel free to use it!
What is SOC-2?
If you are not at all familiar with the space, you can view SOC2 as a safety checklist for companies storing important data online. The idea behind it is to push companies to implement security measures or processes to protect said data.
However, it does not make you secure. You can look at it like a restaurant health inspection—just because a restaurant passes doesn’t mean you’ll never get food poisoning. It just means they’re following the right procedures at the time of inspection.
One of the reasons I'm open-sourcing it (and making it free) is the hope that, if I am able to properly tailor the experience to start-ups, they implement security measures adapted to their needs early on, they actually follow them, those security measures grow with them, and when they get the SOC2 audit (later), it actually means something.