jaspanglia 8 hours ago

Most early-stage founders don’t start with full SOC2 immediately. You can begin with strong security practices, transparent documentation, privacy policy, backups, access controls, and third-party audits before going for certification.

sochix 8 hours ago | parent [-]

What kind of documents should I show customers to make them trust me that I follow best security practices? They trust SOC2 Type 2, what else could work?

zrobotics 8 hours ago | parent | next [-]

If they don't have a strict requirement on SOC2, then either PCI compliance or NSA CISA are more easily done without needing tons of money.

Edit: PCI would only apply if you are processing customer funds, IIRC. It's been a few years since I went through one, but there may be some caveats for that to apply.
