A simple post here, really aimed at founders that have revenues but are still getting off the ground:
Just Do The SOC-2. Really, do all the “security stuff”, but especially just do the SOC-2. Just embrace it early.
Why? First, you’ll have to do it to close even slightly larger buyers. Second, you’ll be scrambling later to do it once you are forced to by a bigger customers.
This latest data from G2 was helpful:
- 86% of buyers require a security assessment prior to purchase, BUT
- only 24% involve a security stakeholder during research
So doing that SOC-2 and more early can let you check the box and avoid having a “security stakeholder” involved.
A simple post, and a simple point: if you are debating in the early days whether to do SOC-2 or not … do it. Your sales team will thank you.