Complying with corporate customer's Security Checklist: A guide for startups

21 Jul 2023 - Frans Vanhaelewijck


Growth and expansion are crucial if you are working in a startup. Frequently, this growth leads startups to target bigger, more profitable customers. However, as we have outlined in previous blog posts, this comes with significant overhead. One of these overheads is the big corporate customer’s compliance checklist or security questionnaire. You may not always be willing to spend the time filling in these questionnaires (see last week’s post). But if you do, see below for practical tips.

What is a Compliance Checklist?

A compliance checklist or a security questionnaire is typically a document or an Excel sheet that can run into several pages, sometimes even comprising hundreds of items. This checklist is a comprehensive list of standards and procedures that your startup needs to meet to provide services or products to a big corporation.

The initial investment

The initial questionnaires you complete will likely consume a lot of time. This is perfectly normal. Spend some time on these first few, ensuring they are especially clear and concise. It’s highly likely that your subsequent questionnaires will have about an 80% overlap with these initial ones, making the process significantly more manageable in the future.

More than Yes/No Questions

At first glance, you may notice that many of these questions seem to be simple “yes/no” queries. However, it is beneficial to go beyond a simple answer. Take your time with each question, even if it seems direct or straightforward. Why? Because these answers serve as an opportunity to demonstrate the merits of your product or service.

Responding in detail gives your potential customer insight into your operations and helps them better understand how you can meet their needs. It gives you a chance to showcase your product’s features, capabilities, and the safeguards you have in place. This not only answers their question but also makes your product more appealing to them.

What’s in it for the customer

Every item on the compliance checklist is essential. There is a reason why they are part of this extensive list. Each question is designed to ensure that your product or service meets the specific security and operation standards set by the big corporation.

Thorough compliance with these checklists is necessary to build trust with these corporations. It reassures them that your startup can meet their stringent requirements and that you respect their security and operational protocols. This trust forms the basis of a fruitful business relationship with your bigger customer.

Moreover, a detailed response on these compliance checklists can serve as a self-audit for your startup. It allows you to assess your product, identify potential loopholes, and improve it further.

What if you don’t (yet) support a feature?

While honesty is imperative when responding, aim to avoid simply answering “no”. You may not meet the exact requirement stated in the questionnaire, but there could be other features you offer that adequately address the issue at hand. If you do not currently meet a specific requirement, don’t hesitate to provide context and share your plans for the future. Outline your past actions, present capabilities, and future plans related to the topic. Giving the customer an understanding of your roadmap can reassure them that the feature in question is being considered for future development. Even if you currently do not support a specific feature, you could mention that if the customer commits to a sufficient volume of business, you are open to discussing the possibility of adding this feature to your roadmap (if, of course, it’s a feasible option).

Tips from the trenches

Here are some practical things we’ve learned working through many questionnaires:

Conclusion

While tackling a compliance checklist may seem a daunting task, it is an integral part of dealing with big corporations. Rather than viewing it as a burden, consider it as an opportunity. An opportunity to showcase your product’s capabilities, to build trust with your potential customer, and to self-assess and improve.

Always remember, the goal is not just to get a yes on all questions but to demonstrate the merit of your product or service. Taking the time to thoroughly answer each question is, indeed, time well spent.



frans@vanhaelewijck.com