Focus on Disrupting, not Getting Disrupted
You started your SaaS company to shake up a business segment, fill a gap, or build a product that was significantly better than those you saw in the marketplace. Doing this required a laser focus on getting your MVP in front of initial clients, getting funding, and making every hour and every dollar count towards your business goals.
Now you are a few years in, and you continue to thrive. More and more clients are using your product every day, and with smart and effective management, business is increasing according to plan. You may also find your goal to IPO, ICO, or become acquired for a significant sum is no longer appearing to be just a dream, but is becoming reasonably likely.
This is not an article to highlight how getting ISO 27001 certified or obtaining your SOC 2 attestation can increase your valuation, potentially shorten your due diligence timeframe, or make your company more attractive to buyer. Though it can.
Nope, I want to tell you that “getting your badges” does not mean reallocating your best team members to support compliance implementation efforts. It is possible to keep your velocity while preparing for your chosen compliance framework.
Your company is succeeding because you made good choices planning your market approach, hiring good people, and selecting good tools. It just may not all be documented or correlated in a way that is immediately apparent to the auditors who will be assessing your policies, processes and controls.
Here’s how to maintain momentum and prepare for compliance:
Set the Mindset from the Top: From the CEO on down, share the goals for compliance, emphasize the why and acknowledge that the short term sprint to “level up” will yield respectable, long-term gains that everyone will share.
Highlight Efficiencies, not Deficiencies: Unlocking tribal knowledge and capturing unwritten but well worn best practices will be key to mapping controls to risks and processes. Often teams are actually making good decisions, and are only lacking official documentation that codify daily activities.
Partner with Experts: You need an experienced team that can translate cloud, business, security and data management into compliance, audit and regulatory speak. Examine their credentials and emphasize that you want to document your good processes, not shoehorn in outside compliance templates that will inevitably distract teams and reduce business velocity.
The consulting team that comes in prepared to translate and document your world with minimal disruption, that can ask solid questions and make keen observations will save you weeks of time, countless headaches, and will produce a draft report that auditors will understand first pass and with fewer questions.
You are more ready than you think. I’d be happy to chat and share with you how other SaaS companies in your place have fared leveraging our team.
The information presented in this article is accurate as of 2/26/2018. Follow the ScaleSec blog for new articles and updates.
ScaleSec is a service-disabled, veteran-owned small business (SDVOSB) for cloud security and compliance that helps innovators meet the requirements of their most scrutinizing customers. We specialize in cloud security engineering and cloud compliance. Our team of experts guides customers through complex cloud security challenges, from foundations to implementation, audit preparation and beyond.