Get Started
From clone to customization in five steps.
1. Choose a policy set
Review the comparison table to find the right fit. Start with Minimal SOC2 if you're unsure.
2. Clone or fork the repository
Each set is hosted on GitHub. Clone it to your organization:
git clone https://github.com/open-access-policies/minimal-soc2.git
3. Customize for your organization
Replace placeholders like [Company Name] with your information. Modify policies to match your actual practices.
4. Implement and document
Policies are only valuable if followed. Use these as a foundation, then document how your organization implements them.
5. Stay updated
Watch the repository for updates. When frameworks change, pull updates and merge with your customizations.
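A check to run after customizing (step 3) and again after each merge of upstream updates (step 5), since a merge can bring unfilled placeholders back in. This is an added example, not code from the policy repositories; it assumes the policies are Markdown (*.md) files and that a placeholder is a capitalized phrase in square brackets, and the script name is hypothetical.

```shell
#!/bin/sh
# Added example (not from the policy repositories): report bracketed
# placeholders such as "[Company Name]" that remain in a policy set.
# Assumptions: policies are Markdown (*.md) files, and a placeholder is a
# capitalized phrase in square brackets that is not a Markdown link.

# find_placeholders DIR
# Prints "file:line:[Placeholder]" per hit. Returns 1 if any remain, else 0.
find_placeholders() {
    hits=$(find "$1" -type f -name '*.md' -exec awk '
        {
            line = $0
            # Remove Markdown links "[text](url)" so they are not reported.
            gsub(/\[[^]]*\]\([^)]*\)/, "", line)
            # Report every remaining "[Capitalized Phrase]" on the line.
            while (match(line, /\[[A-Z][A-Za-z0-9 _-]+\]/)) {
                printf "%s:%d:%s\n", FILENAME, FNR, substr(line, RSTART, RLENGTH)
                line = substr(line, RSTART + RLENGTH)
            }
        }' {} +)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Usage (hypothetical script name): sh check-placeholders.sh path/to/policies
if [ "$#" -gt 0 ]; then
    find_placeholders "$1"
fi
```

The non-zero exit status when placeholders remain lets the same script fail a CI job or a pre-commit hook.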
Licensing FAQ
Can I use these for my company?
Yes. The CC-BY-SA-4.0 license allows commercial use. You can use them at a for-profit company without paying.
Can I modify them?
Absolutely. You should modify them to match your actual practices. Generic policies won't help you pass an audit.
Do I need to give credit?
Yes. Add a note in your internal documentation or policy footer. You don't need to display it publicly.
Can consultants use these with clients?
Yes. The same attribution and share-alike requirements apply.
What does "share-alike" mean?
If you distribute modified versions publicly, they must use the same license. Internal company use doesn't require sharing.