Minimal SOC2
A lean set covering minimum requirements for SOC2 Type I/II. Ideal for early-stage startups.
SOC2
View Policies
Choose Your Policy Set
Each set is designed for a specific compliance scenario.
Quick Comparison
| Policy Set | Best For | Frameworks | Complexity |
|---|---|---|---|
| Minimal SOC2 | Early-stage startups | SOC2 | Low |
| Health Tech | Companies handling PHI | SOC2 HIPAA | Medium |
| Health Tech (HITRUST) | HITRUST certification | HITRUST HIPAA | High |
| Streaming | Media services, global users | SOC2 GDPR COPPA DSA | High |
| Fintech Payments | Payment processors, fintech | SOC2 PCI-DSS GLBA | High |
| Ed-Tech | Education technology, student data | SOC2 FERPA COPPA | Medium |
Not sure? Start with Minimal SOC2 if you're a B2B startup pursuing your first audit. Choose Health Tech if you handle protected health information (PHI).
All Policy Sets
Health Tech
Comprehensive coverage for healthcare technology companies handling protected health information.
SOC2
HIPAA
View Policies
Health Tech (HITRUST)
Extended health tech coverage mapped to HITRUST CSF for organizations pursuing certification.
HITRUST
HIPAA
View Policies
Streaming
For media and streaming services with global audiences. Includes privacy regulations.
SOC2
GDPR
COPPA
DSA
View Policies
Fintech Payments
Comprehensive coverage for payment processors and fintech companies handling cardholder data.
SOC2
PCI-DSS
GLBA
View Policies
Ed-Tech
Policies for educational technology companies handling student data and children's privacy.
SOC2
FERPA
COPPA
View Policies
Need Something Custom?
Different industry or framework requirements? Let's discuss your needs.
Contact for custom work