[Oras]

My point was that compliance is about trust. If I want to go the SOC2 or ISO27001 route, I want a company that has done it before.

Free in your case is not free, it's pretty expensive. If I can't comply in time, that might mean losing potential business, being late to the market, etc.

Good luck though, you made the first step.

[asdxrfx]

We understand your concern, and we will focus more on this step for now. Thanks for the feedback. If you have anything else to say, we are glad to listen.

[cadamsdotcom]

The point about trust is important in another way too - it was a pleasant surprise you led with “we’re not compliant (yet), but..”

Tis a great way to engender trust in the team. Bravo for bravely answering honestly. Wishing you folks best of success.