Skip to main content

Minimum Viable Secure Product

Minimum Viable Secure Product (MVSP)

Available on Community subscription plan.

Minimum Viable Secure Product (MVSP) Available is a security checklist for B2B software and business process outsourcing vendors. The checklist is created with simplicity in mind, containing only those measures that must be put in to assure a product's least feasible security posture. We propose that all organizations developing B2B software or otherwise managing sensitive information implement at least the following procedures, and are strongly encouraged to go well beyond these in their security programs. Along with other well-known organizations such as SalesForce, Google, Okta, Slack, Secureframe, Safebase, and others, Unicis is a partner and contributor.

MVSP Resources:

What is its purpose?

It can be used for a variety of reasons, but the most common are those listed below.

Requests for proposals

The documentation for MVSP controls is brief and easy to understand. Can give you a common cybersecurity benchmark for choosing vendors and makes the duties of the sourcing teams easier.


Startups and SMEs that aren't yet established enough to invest in costly international compliance initiatives like ISO 27001, SOC 2, or PCI DSS might use MVSP as a starting point to guarantee the security posture of their MVP.

Third-party security

In order to determine whether you are taking care of security and have poor corporate cyber hygiene, large firms who want to become clients, partners, or customers try to triage vendor security posture surveys.

Unicis solution

The MVSP checklist and controls have been implemented into the following Unicis apps.

Atlassian Apps

Unicis Platform

Atlassian Marketplace - Unicis Apps


General Data Protection Regulation (GDPR)Minimum Viable Secure Product (MVSP)ISO/IEC 27001NIST Cybersecurity Framework v2.0EU NIS 2 DirectivePayment Card Industry Data Security StandardSystem and Organization Controls 2 Type 2The CIS Critical Security Controls for Effective Cyber DefenseCloud Controls Matrix (CCM)C5 (Cloud Computing Compliance Controls Catalogue)