Is your project already compliant with some regulatory standard, such as PCI-DSS, COBIT, ISO, GDPR, or others? That knowledge will help focus a lot of the review audit efforts later.
If the answer is yes, include a list of what standards the project is compliant with, and how that compliance has been validated.
If the answer is no, leave a note regarding why that is the case. Is the tooling not intended for use in regulated settings? Have you not gotten that far into your development yet? Will it need to be compliant in the future? Leave notes here accordingly.
In the example below, we may need to consider regulatory compliance in the distant future, but that consideration is out of scope while we focus on creating tools that our users harness in non-production environments.
## Project Compliance
Privateer does not currently adhere to any compliance standards. This is because the currently supported usage of Privateer is to execute raids on non-production environments.
### Future State
The Privateer roadmap includes preparation for eventual production support, which is why we are seeking to hold Privateer to a high security standard. We hope to include prod support sometime after the official v1 release.