Readiness Process

Sprint Timeline

The engagement follows structured phases, each building on the outputs of the previous one.

1

Intake

2–6 days
  • NDA & stakeholder map
  • Document request
  • Scoping interviews
  • System boundary draft
2

Assessment

9 days
  • TSC selection
  • Type 1/Type 2 recommendation
  • Control walkthroughs
  • Evidence sampling
3

Outputs

9 days
  • Controls matrix & gap register
  • Policy/document backlog
  • Evidence calendar
  • Executive readout & roadmap
4

Follow-on

Variable
  • Remediation implementation
  • Type 2 observation period

Phase Details

1. Intake & Scoping Week 1

We start by understanding your product, audience, and current compliance posture.

  • Audience and directed-to analysis — determine whether your service is “directed to children” under COPPA’s standards
  • Current consent mechanism review — evaluate existing parental consent flows and age-gating approaches
  • Third-party SDK/plugin audit — identify all third-party code that may collect children’s personal information
  • Data collection inventory — catalog all personal information collected from users, especially those under 13

2. Assessment Week 2–3

We evaluate your current practices against COPPA requirements and FTC guidance.

  • Age gating mechanism evaluation — assess whether age screens meet FTC standards for neutrality and effectiveness
  • Parental consent flow assessment — review consent mechanisms against FTC-approved methods
  • Privacy notice compliance review — compare current notices against COPPA content and format requirements
  • Vendor COPPA obligation mapping — evaluate third-party responsibilities and contractual COPPA obligations

3. Outputs Week 3–4

We deliver the artifacts that define your path to COPPA compliance.

  • Consent mechanism design — recommended parental consent flow with implementation specifications
  • Privacy notice templates — COPPA-compliant online and direct notice templates
  • Vendor compliance requirements — contractual language and audit procedures for third-party data handlers
  • Data retention/deletion procedures — policies and technical procedures for children’s data lifecycle management

4. Follow-on Ongoing

After the readiness sprint, continued support ensures sustained compliance.

  • Safe harbor program evaluation — assess eligibility for and benefits of FTC-approved safe harbor programs
  • Consent mechanism testing — ongoing verification that consent flows function as designed
  • FTC guidance monitoring — track regulatory updates, enforcement actions, and evolving FTC expectations

Sprint Deliverables

Every readiness sprint produces these minimum deliverables:

Directed-to-children analysis
Consent mechanism design
Privacy notice templates
Age gating recommendations
Third-party SDK audit report
Data minimization review
Vendor compliance requirements
Remediation roadmap

Start Your Readiness Sprint

Most companies complete the readiness sprint in 3–4 weeks. The result is a clear, actionable plan to achieve COPPA compliance.

Get in Touch