by temikus
1084 days ago
Ok, so I actually had to deal with this. Pick some sort of standard, for example CAIQ, and have an always-up-to-date version of it. You'd be surprised how many customers would accept it if you tell them "hey - we use a standard - is this acceptable?" After that, figure out what certifications will be advantageous. Then automate, automate, automate with something like Hyperproof/Vanta. You will still need a compliance person, or more likely a team, at that point, so those certs have to unlock some serious money. Otherwise, just stay on top of VSAs until running a compliance program makes sense. Just don't fall for the baseless "SOC 2 equals enterprise customers" spiel. Analyse your pipeline and regulatory environment and make a call based on that. So many startups spend millions running a compliance program that brings in thousands.