Navigating Security, Compliance, and SOC2 as a SaaS Company

Often, when we’re building our business-to-business (B2B) SaaS products,
our customers ask us for SOC2 audits or for how we’re meeting the common
security or compliance requirements in our industry, such as HIPAA in
Healthcare IT or PCI DSS in FinTech.

Building a security program is often driven by our assets – such as what
data or access we have – and risk. It’s easy to get caught up in
arbitrary requirements from customers and regulators, which can add
overhead, slowing down and adding cost to an innovative company. Over
time, a startup might accidentally start feeling like a bureaucratic
corporation when the goal was just to do the right thing.

Fortunately, when and how we implement our security program can be up to
us if we know how to navigate these expectations effectively. In this
presentation, we’ll cover different ways to approach these initiatives
so that an organization can be more strategic, and we’ll explore topics
like:

* Positioning our product and services in a way to align to industry
expectations, while still remaining innovative
* The conversations with potential customers about security and privacy
* What compliance requirements apply and why, as well as how to meet them
* Understanding SOC2 – what a SOC2 audit is
* When to get a SOC2 audit and how to manage expectations beforehand
* The value of SOC2
* Creating the environment for a successful audit without exceptions
* How security can be a competitive advantage