Ask HN: How to handle sensitive document uploads as a one-person SaaS?
I am thinking of a product many businesses would find it useful but my only concern is that the product revolves around sensitive documents(like lawyer's documents but can be extended to other industries too). The product is already built by many companies but I have found a unique angle that I think would benefit my users. I am not a team and I don't know how to handle laws of sensitive documents as a business entity(and those documents might live on AWS S3/similar services).
14 comments
[ 4.4 ms ] story [ 40.4 ms ] threadie. a Salesforce App.
That way, they already use/trust the environment where the storage/processing of their sensitive data is taking place, akin to an old school 'on prem' solution (but without as much headache for you)
Worth thinking about
I work as ISO 27001 auditor, and help companies get ISO 27001 certified in no time (1-2 months), with a budget from 5k - 8k in total (external support and certification included). The goal it to keep it simple, save costs, and in the end get the company certified.
Anyhoo, I don't think thousands of dollars for certification makes sense for a solo dev who is kicking an idea around.
You could also make it a control plane and the customers run it in their cloud. You would need a tech savvy customer who already uses say AWS.
Desktop app or Chrome extension is another possibility.
It’s better to piggy back on another teams hard work than build from scratch.
Speak to your potential customers and find out what they'd want to see to make them trust it, and what their data requirements are.
What's the angle BTW? Please provide as much info as possible. Thx :D
Security isn't the same thing as compliance.