I Might (definitely) Need Security
SOC 2 Type II is a good starting point, but there are many other requirements to meet before you satisfy a prospect's security requirements.
As Founders start to get into aspirational sales cycles, whether it’s with Series B+ darling software companies or Enterprises, security eventually gets in the way of moving as fast as you’d like.
We see it all the time: Founders and scaling sales orgs think they have the “security step” covered, until additional topics come up after the SOC 2 review, especially when a questionnaire is involved. Great companies like Vanta, Drata, Secureframe and others have helped companies reach compliance faster and have given early-stage and late-stage companies security best practices. That said, there are still a lot of internal steps you can take to ensure you can meet the security standards of your prospects and customers.
Over the past few years, I’ve constantly shared the SaaS CTO Security Checklist originally created by the folks at Sqreen. It’s still super relevant today, but to make it a bit more actionable, we turned it into an interactive Notion doc you can use with your team internally. We’ve also refreshed and added to this checklist based on guidance from amazing CTOs and Security experts at the best startups in software.
Let us know what we missed, what we should include, and how to make this better. We all want to simplify our security step in sales cycles!