Security Policy Framework for a B2B SaaS Platform

Open
Main contact
Beyond the Sky Custom Learning
Mississauga, Ontario, Canada
CEO
(7)
4
Portals
(1)
Project
Academic experience
80 hours of work total
Learner
Anywhere
Intermediate level

Project scope

Categories
Risk, audit and compliance Security (cybersecurity and IT security)
Skills
general data protection regulation (gdpr) security policies full stack development training and development data retention business to business access controls operations procurement software as a service (saas)
Details

This project focuses on developing foundational security policies to support a growing B2B SaaS platform that delivers leadership development. As the platform prepares for broader enterprise adoption, formalizing its security posture is essential. Students will create policy documentation aligned with best practices and relevant industry standards such as SOC 2 and GDPR.

The goal is to provide clear, usable security policies that reflect the company’s operations and data handling practices, laying the groundwork for future compliance initiatives. While this is a business-driven project, the focus for students will remain on the technical research, writing, and development of policies, not on broader business analysis or messaging.

Deliverables

Project Goals

  • Research and draft security policies aligned to SOC 2 and GDPR best practices
  • Tailor policies to the current and near-future needs of a SaaS product
  • Recommend prioritized next steps based on identified gaps or risks


Key Deliverables

  1. Security Policy Drafts (3–4 policies selected based on relevance and scope), such as:
  • Access control
  • Data retention and deletion
  • Acceptable use (internal and third-party access)
  • Vendor risk management


  1. Brief Summary of Recommendations
  • Outline of next steps to support audit readiness and implementation


Support Available

  • Weekly check-ins with a single point of contact
  • Access to a senior developer for questions about system architecture
  • Business team available to clarify operational context as needed


We are a corporate training company and ensure that all collaborations, including with student teams, provide meaningful development opportunities. You will be supported in applying your technical knowledge to real-world challenges and will receive guidance from both technical and business leaders throughout the engagement.

Mentorship
Domain expertise and knowledge

Providing specialized, in-depth knowledge and general industry insights for a comprehensive understanding.

Skills, knowledge and expertise

Sharing knowledge in specific technical skills, techniques, methodologies required for the project.

Hands-on support

Direct involvement in project tasks, offering guidance, and demonstrating techniques.

Tools and/or resources

Providing access to necessary tools, software, and resources required for project completion.

Regular meetings

Scheduled check-ins to discuss progress, address challenges, and provide feedback.

Supported causes

The global challenges this project addresses, aligning with the United Nations Sustainable Development Goals (SDGs). Learn more about all 17 SDGs here.

Decent work and economic growth

About the company

Company
Mississauga, Ontario, Canada
2 - 10 employees
Education
Representation
Minority-Owned Women-Owned

Beyond the Sky Custom Learning is at the forefront of AI-driven eLearning, revolutionizing corporate training with cutting-edge training powered by artificial intelligence. Our digital and tech-enabled learning solutions blend immersive storytelling with adaptive AI, ensuring learners gain practical, real-world skills that stick. As pioneers in AI for Learning & Development, we share our expertise on global stages, shaping the future of training through thought leadership. Whether it's IT systems, internal processes, product education, or sales enablement, we design customized programs that drive measurable change by combining AI innovation with proven behavioral science.