[mikkom]

I have been a CTO/founder in few b2b saas services for maybe 15-20 years (one was scandinavian market leader with 100k+ users).

Anyway

Most important thing is simply: find a problem a business is willing to pay for to solve (i.e. it costs them money and time). Set up a simple MVP if that's possible and grow from there.

Do NOT listen to soc/iso talk on this thread, they are an distraction and you will have a lot of time to do them later. Security audits, certificates etc. Might be important LATER when big accounts will ask for them but not at the beginning (unless you are doing fintech etc).