Comment by Oras
4 days ago
My point was that compliance is about trust. If I want to go the SOC2 or ISO27001 route, I want a company that has done it before.
Free in your case is not free, it's pretty expensive. If I can't comply in time, that might mean losing potential business, being late to the market, etc.
Good luck though, you made the first step.
We understand your concern, and we will focus more on this step for now. Thanks for the feedback. If you have anything else to say, we are glad to listen.
The point about trust is important in another way too - it was a pleasant surprise you led with “we’re not compliant (yet), but..”
Tis a great way to engender trust in the team. Bravo for bravely answering honestly. Wishing you folks best of success.