Most people only care about compliance if it stops them from closing a deal. I was at a startup where some enterprise said we needed a SOC 2. The founder talked them out of it by giving them a discount if they'd waive the requirement.
My company is tiny (just me) and at one point a client sent over a questionnaire that I needed to fill out. Half the things I already did, about 1/4th I did right then so I could check the box (added features/reports/etc), and the last 1/4th I looked into (including SOC2) and decided I’d rather lose the deal than try to do those things. I was completely truthful in the questionnaire and for those sections I just put “We can provide this but it costs extra”.
I ended up getting the contract and they never asked for those extra things. I guess that’s kind of the same thing your founder did but in reverse. Discount to skip it vs it will cost more to add it.
To be clear, I think most of the questionnaire was just “we want these answers on file”, I’m not in an industry where most of what they asked for is reasonable/needed. Though it scared the hell out of me when I got it because SOC2 (and some other things they asked about) is not cheap. Literally 1-2x the cost of the service I was selling. All for something I consider a _very_ small step about snake oil.
> I ended up getting the contract and they never asked for those extra things.
Same boat about 2 years ago: the compliance is a lot more flexible than you would think - it doesn't matter if you have a poor password policy, what matters is that you document you have a poor password policy.
Your client didn't have to get a compliant vendor to remain compliant themselves; what matters to their compliance is formal attestations from their vendor about where they are not compliant.
As a 1-man show I went through the same thing, still got the contract even though I had to formally attest to not having maybe 25% of those boxes ticked. The whole point is that it is recorded that you don't have MFA, or that you failed a pentest on these 5 items... or that you have a vendor who fails these specific 43 requirements.
In a way, this may be a good thing for the 'compliance' ecosystem because it will prompt people to actually read the report and check the evidence, as opposed to trusting a badge.
If you read through the report PDFs of affected companies, you'll find a lot of stock wording and phrases that don't even make sense.
Both of the "cute" responses to this post suggest a lack of culinary imagination. You are correct to ask this: no preservation method is taste-neutral, and moreover, this process requires a varietal that is likely quite different in flavour and texture to supermarket grapes, or even wine grapes.
I wonder if there are earthy notes picked up by the process? Similar to pu-er tea for example? Do the grapes become sweeter, or even partially fermented?
Opvia (YC S20) | DevOps/DevEx engineer| London (UK based)| + Enterprise AE | London or US| opvia.io
Opvia wants to be the software layer for regulated manufacturing companies. Regulated industries (Pharma, biotech, F&B) need better software to go to market faster, get insights from their data, and comply with the regulations. Opvia makes it easier to build exactly the procedures and workflows companies need with its no-code platform.
If you are a backend developer familiar with GCP and Terraform and want to have an impact reach out.
If you are a sales professional (outbound SDR or enterpise AE) and want to have an impact on a small sales team with a huge market, reach out.
Drop me a line (alberto@opvia.io) if you need further info or are looking for a different position
Opvia (YC S20) | DevOps/DevEx engineer| London (UK based)| + Enterprise AE | London or US| opvia.io
Opvia wants to be the software layer for regulated manufacturing companies. Regulated industries (Pharma, biotech, F&B) need better software to go to market faster, get insights from their data, and comply with the regulations. Opvia makes it easier to build exactly the procedures and workflows companies need with its no-code platform.
If you are a backend developer familiar with GCP and Terraform and want to have an impact reach out.
If you are a sales professional (outbound SDR or enterpise AE) and want to have an impact on a small sales team with a huge market, reach out.
Drop me a line (alberto@opvia.io) if you need further info or are looking for a different position
Opvia (YC S20) | DevOps/DevEx engineer + Sales development representatives + Enterprise AE | London (UK based)| opvia.io
Opvia wants to be the software layer for regulated manufacturing companies. Regulated industries (Pharma, biotech, F&B) need better software to go to market faster, get insights from their data, and comply with the regulations. Opvia makes it easier to build exactly the procedures and workflows companies need with its no-code platform.
If you are a backend developer familiar with GCP and Terraform and want to have an impact reach out.
If you are a sales professional (outbound SDR or enterpise AE) and want to have an impact on a small sales team with a huge market, reach out.
Drop me a line (alberto@opvia.io) if you need further info or are looking for a different position
reply