Moov SOC2 Audit Documentation
This repository consolidates all documents related to Moov's SOC2 audit and compliance policies using strongdm's comply framework.
Structure
narratives/ Narratives provide an overview of the organization and the compliance environment.
policies/ Policies govern the behavior of employees and contractors.
procedures/ Procedures prescribe specific steps that are taken in response to key events.
standards/ Standards specify the controls satisfied by the compliance program.
templates/ Templates control the output format of the HTML Dashboard and PDF assets.
Building
First you'll need to install comply and then run make build
.
Publishing
The output/
directory contains all generated assets. Links in the HTML dashboard a relative, and all dependencies are included via direct CDN references. The entire output/
directory is copied into our moov/soc2
docker image and served with nginx.
Dashboard Status
Procedure tracking is updated whenever comply sync
is invoked. Invoke a sync prior to comply build
to include the most current ticket status.
Procedure Scheduler
Any procedures/
that include a cron
schedule will automatically created in your configured ticketing system whenever comply scheduler
is executed. The scheduler will backfill any overdue tickets.
Getting Help
channel | info |
---|---|
Google Group moov-users | The Moov users Google group is for contributors other people contributing to the Moov project. You can join them without a google account by sending an email to moov-users+subscribe@googlegroups.com. After receiving the join-request message, you can simply reply to that to confirm the subscription. |
Twitter @moov_io | You can follow Moov.IO's Twitter feed to get updates on our project(s). You can also tweet us questions or just share blogs or stories. |
GitHub Issue | If you are able to reproduce a problem please open a GitHub Issue under the specific project that caused the error. |
moov-io slack | Join our slack channel to have an interactive discussion about the development of the project. |
Contributing
Yes please! Please start by reviewing our Code of Conduct.
You only have a fresh set of eyes once! The easiest way to contribute is to give feedback on the documentation that you are reading right now. This can be as simple as sending a message to our Google Group with your feedback or updating the markdown in this documentation and issuing a pull request.
- moov.io/soc2 (This project)
License
Apache License 2.0 See LICENSE for details.