This project focuses on developing foundational security policies to support a growing B2B SaaS platform that delivers leadership development. As the platform prepares for broader enterprise adoption, formalizing its security posture is essential. Students will create policy documentation aligned with best practices and relevant industry standards such as SOC 2 and GDPR.

The goal is to provide clear, usable security policies that reflect the company’s operations and data handling practices, laying the groundwork for future compliance initiatives. While this is a business-driven project, the focus for students will remain on the technical research, writing, and development of policies, not on broader business analysis or messaging.

Project Goals

• Research and draft security policies aligned to SOC 2 and GDPR best practices
• Tailor policies to the current and near-future needs of a SaaS product
• Recommend prioritized next steps based on identified gaps or risks

Key Deliverables

1. Security Policy Drafts (3–4 policies selected based on relevance and scope), such as:

• Access control
• Data retention and deletion
• Acceptable use (internal and third-party access)
• Vendor risk management

1. Brief Summary of Recommendations

• Outline of next steps to support audit readiness and implementation

Support Available

• Weekly check-ins with a single point of contact
• Access to a senior developer for questions about system architecture
• Business team available to clarify operational context as needed

We are a corporate training company and ensure that all collaborations, including with student teams, provide meaningful development opportunities. You will be supported in applying your technical knowledge to real-world challenges and will receive guidance from both technical and business leaders throughout the engagement.