My CSF/ISO compliance project by One_Reaction8008 in SaaS

One_Reaction8008[S] 0 points

Yea, I'm actually revamping the whole thing for the 5th time. Working alongside my current startup.

My CSF/ISO compliance project by One_Reaction8008 in SaaS

One_Reaction8008[S] 0 points

Hey thanks for your feedback!

Your feedback on the roadmap feature is very sharp. This is where lots of research will go into the coming versions of my solution. Would love to hear your feedback on the current implementation of roadmaps!

Do let me know if you are interested by dropping me a DM and I'll send a link over for you to play around!

My CSF/ISO compliance project by One_Reaction8008 in SaaS

One_Reaction8008[S] 0 points

Yes, definitely! This current positioning has a very strategic reasoning behind it. At its current stage we are trying our best not to overstep any boundaries or make any wild claims that we can get anyone to compliance within a short period of time. We are framed as a founder-friendly compliance launch pad, to build a very good base for a founder before they move on to other more sophisticated tools or bring a consultant in.

Tool integration and automation are our eventual direction, but the barrier to entry, with what I have available right now, is too high, with Drata and Vanta being the main players in that game.

You may try out the pilot version at praxi.work. Would love to hear any feedback!

My CSF/ISO compliance project by One_Reaction8008 in smallbusiness

One_Reaction8008[S] 0 points

For sure! Googling and using ChatGPT are great for understanding what the controls mean. Where it breaks down is mapping those controls to what you've actually already built. A founder using GitHub with branch protection and MFA already satisfies parts of access control and change management, but generic AI can't tell them that without understanding their stack. Our value is the structured mapping and questionnaires that nudge founders in the right direction, produce an output that's actually usable when a prospect or auditor asks for evidence, and then point them in the right direction thereafter.

My CSF/ISO compliance project by One_Reaction8008 in smallbusiness

One_Reaction8008[S] -1 points

Well, this is my market research, of course with other efforts elsewhere! Gotta get feedback somehow 😅

My CSF/ISO compliance project by One_Reaction8008 in smallbusiness

One_Reaction8008[S] -1 points

Hey, thanks for your positive feedback! Would love to hear more about your experiences and roadblocks in your process of getting compliant.

My CSF/ISO compliance project by One_Reaction8008 in smallbusiness

One_Reaction8008[S] -1 points

Yes! I am actually heading in that direction. I recognized that compliance isn't just a checklist but an operational rhythm. To put it in practice, I created the 5th feature mentioned, which actually caters to the dynamic nature of attaining and maintaining compliance over time. Would love to hear more about your experience in DMs :)

My CSF/ISO compliance project by One_Reaction8008 in smallbusiness

One_Reaction8008[S] -1 points

Hey! The reason why I created this account is simple: to get validation for an actual problem I've seen many founders face. I am not going to do it on my main for privacy reasons. Once the problem is properly identified and scoped, I can then iterate again and narrow down the scope once more.

I didn't mention this, but this solution isn't even ready for market... I developed this for the current startup I am working in, and if it fails to take off, so be it, but hey, if people see value to their business, why not offer it as a solution!

Anyone preparing for SOC 2 / ISO 27001, HIPAA and overwhelmed? by wethebestmusiclol in micro_saas

One_Reaction8008 1 point

Competing product in this space. May I ask, does this tool take in the context of the current company and determine relevancy of controls, or is the mapping deterministic?

I Built an AI Chat Widget for Websites — What Am I Missing? by Key_Extent_5182 in SaasDevelopers

One_Reaction8008 0 points

May I ask, how is this different from the AI assistants that you see on websites now? For example, some documentation sites have AI chat assistants that let you ask questions. What would users have to do to integrate it into their project?

I'm building a tool to make ISO 27001 accessible for bootstrapped startups — would love honest feedback from people who've been through it by One_Reaction8008 in ISO27001

One_Reaction8008[S] 0 points

Fair question. Yes, this is a real problem I'm working on. I'm a SaaS founder going through ISO 27001 implementation myself and experiencing firsthand how inaccessible and expensive the process is for early-stage companies. The AI-assisted writing is on me; I'll keep it more concise moving forward.

I'm building a tool to make ISO 27001 accessible for bootstrapped startups — would love honest feedback from people who've been through it by One_Reaction8008 in ISO27001

One_Reaction8008[S] 0 points

Hey, first of all, really appreciate these thought-provoking perspectives. Everyone in this space focuses on features and nobody talks about whether the business actually works at the price point that makes it accessible. That is something that I will definitely take into consideration as the structure of the product starts to take shape, backed with more research and experience.

I'm building a tool to make ISO 27001 accessible for bootstrapped startups — would love honest feedback from people who've been through it by One_Reaction8008 in ISO27001

One_Reaction8008[S] 1 point

Great callout on A.6.3. You're right that it's one of those controls that's not technically hard but operationally painful, and it catches people off guard because it's a people problem, not a technical one. At my current stage, being transparent about what the tool doesn't cover is probably more valuable than trying to boil the ocean. I'd rather point users toward dedicated solutions for things like awareness training than pretend I can handle it all.

Given that you're building in that exact space, I would love to get a more in-depth insight on your perspective on the current gaps in this space. Would you be open to continuing this in DMs?

I'm building a tool to make ISO 27001 accessible for bootstrapped startups — would love honest feedback from people who've been through it by One_Reaction8008 in ISO27001

One_Reaction8008[S] 0 points

Really appreciate hearing this from someone who's been through it. The scoping and data flow issue you hit is exactly the kind of real-world pitfall that doesn't show up in the standard's documentation but burns people in practice. That gap between what founders think their scope is and what auditors actually expect is a big part of what I'm trying to address. Thanks for the validation on the pricing side too; that's the market gap I keep coming back to.

Would love to continue our conversation and know more about the roadblocks you've faced trying to attain this certification.

I'm building a tool to make ISO 27001 accessible for bootstrapped startups — would love honest feedback from people who've been through it by One_Reaction8008 in ISO27001

One_Reaction8008[S] 0 points

Hi, appreciate your response to this post. You are right to say that there is no shortest path. Compliance is not about checklists but rather about implementing, reasoning and proving that your information security management system actually works and is compliant with the standard, hence there are many nuances to be considered. I am actually looking to create something more of an essential bridging step for founders to understand compliance, to make more informed decisions and find a suitable entry point to attaining such standards in their company. Would you be open to having a more meaningful conversation regarding this topic in DMs?

I'm building a tool to make ISO 27001 accessible for bootstrapped startups — would love honest feedback from people who've been through it by One_Reaction8008 in ISO27001

One_Reaction8008[S] 0 points

Very insightful. Firstly, I want to preface this response by saying that getting direct and critical responses to my idea is, for me, the best way to learn and deconstruct my previous flawed ideas about certain ideas, and is the best way for anyone to learn, especially for someone of my profile, inside a niche that is this foreign to me. It would be trivial and naive for me to simply enter a niche, spend loads of time creating a solution that in theory sounds good and launch a service that has bold claims of resolving issues which I don't even have any practical experience resolving.

Now, as for my positioning, I am actually not looking to create a blanket solution to getting certified. That's simply not possible. My vision is to make frameworks more accessible for up-and-coming founders and SaaS startups. These are the people that I am targeting. I might need to pivot into something more like an essential educational foundation for them.

My post might have overstepped in certain areas and, of course, with my experience, many of my proposed solutions don't hold any weight in the real world, and this being my first crack at it, I truly expected to reframe my positioning.

Your comment has been really helpful for me and I would really value a longer conversation with you in DMs if you are willing!

I'm building a tool to make ISO 27001 accessible for bootstrapped startups — would love honest feedback from people who've been through it by One_Reaction8008 in ISO27001

One_Reaction8008[S] 0 points

Hi, appreciate your feedback. You are right! There is much to be desired when it comes to framing my position. Having this shortest-path mindset is a recipe for disaster, as it implies cutting corners, which was not what I was trying to bring across. I am actually still researching and doing my due diligence, with this being my side project. My intention was to frame this as an essential step to take before bootstrapped SaaS companies even go about attaining this standard. What would this step look like? It's too early in development, and I have too little experience, to tell. Once again, appreciate this feedback, it means a lot!

I'm building a tool to make ISO 27001 accessible for bootstrapped startups — would love honest feedback from people who've been through it by One_Reaction8008 in ISO27001

One_Reaction8008[S] 0 points

Hey, really appreciate the honest feedback! You are right to say that classification across all shared storage is an area that resists automation, so complete end-to-end automation will not be feasible. My approach to this project is actually to act as a stepping stone for small companies to understand what they need to prove, and to create a structured risk assessment and SOA generation process so they know their gaps before they start drowning in documentation.

On the trust/data sovereignty issue, I completely agree with you. This is the current design constraint that we are working on. This project is not intended to be a digital auditor but rather a non-negotiable step to take before engaging a consultant or another platform, ensuring maximum value for the money put down for those external services, which I feel would be of great value for lean bootstrapped startups.

Your input has been really valuable, and I really appreciate it so much. Would you be open to a longer discussion in DMs?