Comply

Everything you need to complete SOC2 (Open Source)

Comply approaches SOC2 from a developer’s perspective. Download a pre-authored library of 24 policies, edit directly in markdown, track versions with GitHub, assign compliance tasks through Jira, and monitor progress in a unified dashboard. It's 100% free and open source.


Discussion

Justin McCarthy @jmccarthy · CTO & co-founder, strongDM
Hi PH, Justin here from the Comply project.

Our team recently went through another SOC2 audit, and decided this time around we'd like to share some of our lessons learned. I've been a part of security and compliance for other regimes as well (PCI, HIPAA, 👋🇪🇺GDPR) -- and one thing all of these systems share is an unabiding love for documents! 📚

As a developer, writing 80 pages of policies in Word docs reminded me just how much I love git. We wanted policy documentation that felt more like code documentation and the workflow to be as convenient as the DevOps automation we use every day. In short, we wanted compliance to feel more like software.

We're publishing Comply today to establish a free, open source foundation for a successful SOC2 program. Comply includes:

* 30 baseline policy templates
* Integrated markdown-to-PDF document pipeline
* Ticketing automation (for tracking compliance tasks in GitHub, Jira, etc.)
* An online course distilling lessons learned from SOC2 veterans

We’d love to hear from you about what else you’d like to see in an open source compliance tool. If you’re feeling ambitious, we’d love for you to contribute to the project as well.

Thanks!
Hiten Shah (Pro) @hnshah · Crazy Egg, Product Habits & FYI
@jmccarthy thanks for putting this amazing resource together. You really can't grow a SaaS upmarket without a SOC2 audit these days, so Comply is going to save a lot of people a ton of time!
Justin McCarthy @jmccarthy · CTO & co-founder, strongDM
@hnshah That's the idea! SOC2 really should be within reach for any SaaS team, we're hoping Comply can give teams a useful baseline.