Control checklist

In this page, you will find a checklist of the security controls you should consider implementing in your startup.

The checklist is dynamic: The controls will change based on your selection of startup stage (Seed, Series A+) as well as domain (Corporate, Product infrastructure, Product). The checklist is divided into categories ranging from Identity and Access Management to Governance. For easier navigation, you can scroll down or up the categories displayed by using the menu on the left. Press on each control to expand it with added context and explanation or press “Expand All” to see controls in an expanded view.

The checklist is customizable: You’re welcome to cross out controls that are irrelevant to your use case or the ones you have already implemented by using the X mark (X) on each control. You can also use the check mark (✔) to indicate controls that are extremely important and you want to highlight them.

The checklist is exportable: When you are done, you can export the list of controls in various formats and refer to in the future when convenient to you.

The checklist is open to feedback: As an open-source project, the S4S initiative strives to improve from ideas shared by the community. If you believe any changes should be made to the checklist, please suggest your ideas and improvements via our GitHub repository.