Quick research question for founders here 👇
When you started building your product:
- Did you ever plan to do formal compliance (SOC2 / ISO27001 / HIPAA / etc.)?
  - Yes, from the beginning
  - Yes, but only later
  - No / never thought about it
- If yes, when did you actually start thinking about it?
  - While designing the product / architecture
  - After first customers
  - After enterprise customers
  - During fundraising
  - Only when someone explicitly asked for it
- Looking back, do you think:
  - Thinking about compliance earlier would've helped
  - It would've slowed you down
  - Or it didn't matter at all for your business
Would love some answers 🙏
Yes, but only later. I think it is dependent on the nature of compliance issues we are discussing and the severity / exposure of not being compliant. If it is a federal regulation enforced by a major regulatory body, err on the side of caution and cross your t's and dot your i's as soon as possible. If the exposure from the compliance issue is potential copyright strikes / complaints from creators and/or labels, generally it is not an issue until your platform has a certain reach / scale.
I think I will take this into consideration once our internal team expands and we have bandwidth to allocate to back-office tasks like this. Right now, the sole focus is getting users / early adopters, soliciting and aggregating feedback, and using that insight to consolidate and prioritize our product roadmap.
I am not far enough to necessarily "look back" but I think it would have been overthinking it (paralysis by analysis) and definitely slowed me down.