JustAutomateIt

Security & Compliance

We operate with SOC 2 / ISO 27001-aligned policies and procedures. This page is part of our certification readiness work and is provided for transparency.

Important: We are not claiming certification here. This is our internal documentation library published for customer due diligence.

Privacy & GDPR: We maintain GDPR-aligned data protection practices and can support customer GDPR requirements (e.g. data access/deletion requests) as part of our service delivery. See our Privacy Policy and Data Processing Agreement.

Compliance documentation

Security Compliance Documentation

SOC 2 Type I/II and ISO 27001 Certification Readiness

This documentation library contains all policies, procedures, templates, and frameworks required to support SOC 2 and ISO 27001 compliance certification.


1. Core Policies

Foundational security policies that establish governance and requirements.

| Document | ID | Description |
|---|---|---|
| Information Security Policy | POL-001 | Master security policy establishing ISMS governance |
| Access Control Policy | POL-002 | User access management and authorization |
| Password & Authentication Policy | POL-003 | Authentication standards and password requirements |
| Encryption & Key Management Policy | POL-004 | Cryptographic controls and key lifecycle |
| Data Classification & Handling Policy | POL-005 | Data categorization and protection requirements |
| Change Management Policy | POL-006 | Change control for systems and configurations |
| Logging & Monitoring Policy | POL-007 | Audit logging and security monitoring |
| Incident Response Policy | POL-008 | Security incident handling requirements |
| Backup & Recovery Policy | POL-009 | Data backup and disaster recovery |
| Third-Party/Vendor Security Policy | POL-010 | Vendor risk management requirements |

2. Operational Procedures

Step-by-step procedures implementing policy requirements.

| Document | ID | Description |
|---|---|---|
| Access Provisioning/De-provisioning | PROC-001 | User onboarding and offboarding access |
| MFA Configuration Procedure | PROC-002 | Multi-factor authentication setup |
| Secure Configuration Standards | PROC-003 | Hardening standards for infrastructure |
| Patch & Vulnerability Management | PROC-004 | Vulnerability scanning and patching |
| Incident Response Playbook | PROC-005 | Detailed incident handling procedures |

3. Risk & Audit Support

Templates and tools for risk management and audit preparation.

| Document | ID | Description |
|---|---|---|
| Risk Assessment Template | RISK-001 | Risk identification and scoring framework |
| Risk Treatment Plan | RISK-002 | Risk mitigation tracking |
| Statement of Applicability | RISK-003 | ISO 27001 control applicability |
| Control Mapping Matrix | RISK-004 | SOC 2 ↔ ISO 27001 control mapping |
| Evidence & Audit Log Tracker | RISK-005 | Audit evidence collection log |

4. Compliance Framework

Overview pages for compliance frameworks and programs.

| Document | ID | Description |
|---|---|---|
| SOC 2 Controls Overview | FW-001 | Trust Services Criteria reference |
| ISO 27001 ISMS Overview | FW-002 | Information Security Management System |
| Internal Audit Schedule | FW-003 | Audit planning and checklist |
| Security Awareness & Training Plan | FW-004 | Employee security training program |

5. Supporting Templates

Reusable forms and templates for compliance operations.

| Document | ID | Description |
|---|---|---|
| Document Control Template | TPL-001 | Version history and control template |
| Policy Acknowledgement Form | TPL-002 | Employee policy sign-off |
| Incident Report Form | TPL-003 | Security incident documentation |
| Change Request Form | TPL-004 | Change management request form |

Compliance Roadmap

Phase 1: SOC 2 Type I Readiness

  • Complete all Core Policies (POL-001 through POL-010)
  • Implement Operational Procedures (PROC-001 through PROC-005)
  • Complete Risk Assessment (RISK-001)
  • Populate Control Mapping Matrix (RISK-004)
  • Collect baseline evidence for all controls

Phase 2: SOC 2 Type II Preparation

  • Operate controls for observation period (3-12 months)
  • Maintain Evidence & Audit Log Tracker (RISK-005)
  • Conduct internal audits per schedule (FW-003)
  • Complete security awareness training (FW-004)

Phase 3: ISO 27001 Extension

  • Complete Statement of Applicability (RISK-003)
  • Document ISMS scope and boundaries (FW-002)
  • Conduct management review
  • Prepare for Stage 1 and Stage 2 audits

Quick Reference: Control Domains

SOC 2 Trust Services Criteria

  • CC1: Control Environment
  • CC2: Communication and Information
  • CC3: Risk Assessment
  • CC4: Monitoring Activities
  • CC5: Control Activities
  • CC6: Logical and Physical Access Controls
  • CC7: System Operations
  • CC8: Change Management
  • CC9: Risk Mitigation

ISO 27001 Annex A Domains

  • A.5: Information Security Policies
  • A.6: Organization of Information Security
  • A.7: Human Resource Security
  • A.8: Asset Management
  • A.9: Access Control
  • A.10: Cryptography
  • A.11: Physical and Environmental Security
  • A.12: Operations Security
  • A.13: Communications Security
  • A.14: System Acquisition, Development and Maintenance
  • A.15: Supplier Relationships
  • A.16: Information Security Incident Management
  • A.17: Business Continuity Management
  • A.18: Compliance

Document Maintenance

| Activity | Frequency | Owner |
|---|---|---|
| Policy Review | Annual | CISO / Security Lead |
| Procedure Updates | As needed | Process Owner |
| Risk Assessment | Annual / After major changes | Risk Manager |
| Evidence Collection | Continuous | Control Owners |
| Internal Audit | Quarterly / Semi-annual | Internal Audit |

Last Updated: 2026-01-11
Document Owner: Security Team
Next Review: 2027-01-11