Chicken Or The Egg: Compliance or Clients?

Early-stage startups targeting enterprise clients often find themselves in an interesting conundrum: key prospects tell them that, in order to purchase, the startup needs to prove its security in the form of SOC2, ISO27001 or another compliance standard.


This often leaves leadership and sales teams in a pickle: they don’t know for sure whether the customer will buy, and although the revenue from the deal would often cover the cost of achieving compliance, they don’t have that revenue in hand yet.

 

As someone who has dealt with this time and time again, I consider it critical to understand the difference between a sales objection and a sales blocker.

 

A sales objection is a prospect’s way of telling you “I’m not really interested but I don’t want to say no.” Alternatively, it can be a way of saying “I never really had purchase authority but I’ve been enjoying talking with you and kicking tires,” or “I don’t really have budget for this but I’m not willing to tell you that.” If it isn’t compliance, it will be a feature you’re missing, or the fact that you’re too young a startup, or any of a million different excuses to block the deal.

 

A blocker is typically a single objection that, if handled, allows the client to move forward with purchasing. Sometimes a blocker is caused by company policy in a larger organization, by regulations, or by a grumpy influencer who has been able to insert it to favour another vendor.

 

The simple question to ask is “If we can do XYZ (for example, achieve SOC2 compliance), are you ready to place an order?” Put up or shut up. If the answer is “yes, but…” or “no, you still need to…” then there is more work to be done to lay out all the objections. If the answer is “yes!” then the follow-up questions are:

 

  1. Would you be willing to put this in writing (i.e., get an agreement in place)?
  2. Are you able to do a partial paid roll-out while we address this blocker?
  3. If we commit to doing X in the contract by date Y, can we move forward?

 

In the case of compliance, often you can leverage option #3 – if the client truly wants to buy from you, and you’ve addressed core security concerns, putting a date on compliance in the contract can unblock a deal and allow you to move forward.

 

At Kobalt.io, we build security, privacy and compliance programs not only to keep the bad guys away, but to accelerate the growth of innovative startups. We’re experts in navigating the above problem – helping you wrestle with security and compliance objections, clearing them off the table and helping you land revenue. This revenue can help increase your growth trajectory and more than justify the investment in the services needed to make you and the data entrusted to you secure.

 

We’ve also partnered with Vanta to further accelerate compliance and lower its load on your internal teams. We bring expertise, operational support and guidance to help your team get there in a cost-effective, low-impact way so they can focus on shipping the product your clients want to buy.

 

Contact us today if you’d like our help.