This repository contains a SOC 2–aligned GRC lab built for a fictional B2B SaaS company, SamiraPay, a creator-focused payments and analytics platform.
The goal of this project was to practice real-world GRC workflows, including risk identification, SOC 2 alignment, and control mapping, using scenarios commonly seen in growing SaaS environments. The lab consists of the following artifacts:
- Risk register with impact and probability scoring
- Risk-to-SOC 2 Common Criteria mapping
- Risk-to-control mapping with control ownership and evidence examples

The scenarios cover the following areas:
- SOC 2 Trust Services Criteria (Security)
- Identity and access management
- Third-party risk management
- Logging and monitoring (SIEM)
- Employee onboarding and security awareness
- Incident response readiness
Note: SamiraPay is a fictional company. This project is for learning and portfolio purposes only.