[ARTICLE · art-42836] src=dev.to ↗ pub= topic=ai-agents verified=true sentiment=↑ positive

Open-Source Customizable Compliance

A Northeastern University student developed an open-source customizable compliance agent that automates SOC 2 evidence collection and reporting for lean SaaS, Fintech, and Healthtech teams. The tool connects via AWS APIs, maps evidence to controls, and generates verifiable auditor reports with SHA-256 tamper-evident chains of custody.

Published Jun 29, 2026 · 2 min read

First of all, why care? Compliance is a messy process. As startups scale, it can be very, very costly, and a lot of existing tools don't give you the best bang for your buck, especially as a smaller team on AWS going through SOC 2 for the first time. I created something to fix that.

Teams spend a ton of time perfecting SOC 2, trying to prove trust to their customers, unlock enterprise deals, or even scale & grow. The end goal for any company is to grow. We help them grow faster, in a more verifiable way, and customizable to their needs rather than one-size-fits-all solutions.

To preface: I'm a student at Northeastern, building around this space after seeing manual compliance & broken automated processes burn a ton of time for family members.

What is it: It's a way of automating busywork, put simply. It's a customizable compliance agent that connects via AWS APIs, collects evidence, maps it to controls, & generates an auditor report.

Basically TurboTax for security audits.

Best Use Cases: SOC 2 Evidence Automation, Verifiable evidence reports, Policy Writing, Risk Management automation, customizable controls for the user.

Made for lean SaaS/Fintech/Healthtech teams (1-30 members) that use AWS/GitHub for infrastructure and are undergoing or thinking about their first SOC 2 Type I audit.

Includes:

-> Pre-audit readiness scan (completely frictionless & free): An agent connects to your AWS via APIs, collects evidence across 40+ AWS services & maps it to 12 core SOC 2 controls (TSC). ~2 mins to completion.

-> Platform where each user has their own individually managed org workspace. Create your own customizable controls & run the scan continuously to collect evidence. What are customizable controls? The unique policies & procedures that your company uses, integrated into the SOC 2 ecosystem with the click of a button.

-> Verifiable reports. Reports that can be sent to an auditor in under an hour. Verifiable, SHA-256 tamper-evident chains of custody that include the exact timestamp, control & service for each evidence item. Why is this important? Many existing tools are black-box dashboards with a checkmark. To save WEEKS if not MONTHS of back & forth with auditor friction, this is an easy way to verify evidence.
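A minimal sketch of how a SHA-256 chain of custody over evidence items can be built and checked, added here as an illustration and not taken from the tool itself. The record fields, the `GENESIS` value, the function names and the sample evidence are all assumptions constructed for this example.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor value for the first link

# Constructed sample evidence items (not output from the tool).
SAMPLE_EVIDENCE = [
    {"timestamp": "2026-06-29T10:00:00Z", "control": "CC6.1", "service": "iam",
     "result": "pass", "detail": "root account has MFA enabled"},
    {"timestamp": "2026-06-29T10:00:04Z", "control": "CC6.7", "service": "s3",
     "result": "fail", "detail": "bucket example-logs lacks default encryption"},
    {"timestamp": "2026-06-29T10:00:09Z", "control": "CC7.2", "service": "cloudtrail",
     "result": "pass", "detail": "multi-region trail is logging"},
]

def entry_hash(prev_hash, record):
    # Canonical JSON so the same record always serializes to the same bytes.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()

def build_chain(records):
    # Each entry commits to its record and to the hash of the entry before it.
    chain, prev = [], GENESIS
    for record in records:
        digest = entry_hash(prev, record)
        chain.append({"record": record, "prev_hash": prev, "hash": digest})
        prev = digest
    return chain

def verify_chain(chain, expected_head=None):
    """Return the index of the first bad link, len(chain) if the head hash
    does not match expected_head, or None if everything checks out."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev_hash"] != prev or entry_hash(prev, entry["record"]) != entry["hash"]:
            return i
        prev = entry["hash"]
    if expected_head is not None and prev != expected_head:
        return len(chain)  # entries were dropped from (or added to) the tail
    return None

if __name__ == "__main__":
    chain = build_chain(SAMPLE_EVIDENCE)
    head = chain[-1]["hash"]  # value to sign or hand to the auditor separately
    print("intact:", verify_chain(chain, head))
    chain[1]["record"]["result"] = "pass"  # edit one evidence item after the fact
    print("first bad link:", verify_chain(chain, head))
```

The chain on its own only proves internal consistency: anyone able to rewrite every entry can recompute all the hashes, so the head hash has to be signed or recorded somewhere the evidence store's operator cannot change.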

Here's a free checklist for taking the time to read through this (I'm sure it's more fun watching paint dry on a wall than to read about compliance):
