So it's now almost 3 years since I started building the foundation of the software that is now introDus, a SaaS that helps companies integrate their new hires through Preboarding, Onboarding & Offboarding.
When we started the company, I had no idea what these terms meant, but I know now: I have spent thousands of hours reading and studying what it's all about, which leads to the first thing you should know before you start any company.
Nothing comes easy, and nothing happens overnight
We started with great ambition for the project and thought this thing called business would be easy to handle. Little did we know, it takes so much more effort than you could ever imagine.
First of all, my partner Anders and I worked part-time for almost six months to build our MVP, despite both having full-time jobs. Then we found out we had spent six months working an insane amount of overtime only to get a slap in the face: nobody wanted to buy what we had built.
So what we did was give it out for free with only one condition: they should give us continuous feedback. It was the best thing we ever did with our business, because everyone we gave it to back then is a paying customer to this day and helped us reach "product-market fit".
Here, almost two years into our journey, we are now starting to gain some serious traction. It has been such a rollercoaster of a challenge, but like everyone else I had to find out what makes me happy, and that thing is to build something of my own, something I can call my achievement.
But hey, not everyone is prepared for building a startup, so my first tip is to figure out if it's really what makes you happy.
So if you, like us, are building a product whose primary target group is major corporate companies, then this one is for you.
You need to think about multiple things here. Most corporate companies won't buy anything, no matter how awesome it is, if you're not compliant with some of the most common ISO standards like "ISO 27001", which is a big chunk of documentation about your information security and how you handle their company data.
If you're in the European region, you're also forced by law to be compliant with GDPR, but here you're in luck, because many of the things you have to do to be GDPR compliant are the same things you have to do and document for ISO 27001.
Here you think: is that it?
But behold, there is more.
When you have your compliance under control, they will probably also ask for a penetration testing report; these are usually required once a year. A penetration testing report is crafted by a third party, who attempts to hack your system and tells you about all the potential attacks they could make.
That must be it...
It's not; you have to have an "ISAE 3402", which is an assurance standard that has to be verified by an external accounting firm.
It was published in June 2011 as a standard for documenting that a service organisation has adequate internal controls; the approach is always from a financial reporting perspective.
There are no doubt more things to be aware of, but you have to follow if you want more of the advice I share.