16 points wayoverthecloud | 1 comments | 14 Nov 24 00:47 UTC | HN request time: 0.201s | source

I am thinking of a product many businesses would find it useful but my only concern is that the product revolves around sensitive documents(like lawyer's documents but can be extended to other industries too). The product is already built by many companies but I have found a unique angle that I think would benefit my users. I am not a team and I don't know how to handle laws of sensitive documents as a business entity(and those documents might live on AWS S3/similar services).

1. realusername ◴[14 Nov 24 11:34 UTC] No.42135206[source]▶

It's not a technical problem but a paperwork problem, it doesn't matter how do you do it, the client will want to see the ISO certifications even if your app is fully secure.

Security isn't the same thing as compliance.

↑

Ask HN: How to handle sensitive document uploads as a one-person SaaS?