Hi,
We are a very small US start-up looking to get SOC2 certified. We already have a Drata subscription.
About us:
- Saas, pure API, no UI, no site where users can login, just an API
- Modern stack, AWS, GSuit, Slack, Github, etc
- Three people team, two developers and one business person all remote
Reasonably paranoid about security, but not experts. We have a good understanding of the basics, but we are not security experts.
We need the certification as a sales tool for some big corporate leads.
We would love someone who can practically do it for us. Someone who can say: for your business you should have thees policies, these controls, etc. Ideally be on with us also during the audit.
Thank you.
PS: If this is not the right place to ask, please let me know where to ask.