Riding the Edge of Performance

In SaaS

The reality of a start-up is that you are always trying to find the edge – the edge of performance, product investment, hiring, and financing. You have to walk a fine line. If you over-invest, ahead of demand, it is going to slow you down; under-invest, and you are likely to be caught short. ’Nuff said.

As I was trying to find the edge for this blog – to discuss a couple of dry topics like compliance and governance – it took me back to when we started this discussion just months into company formation, and it was all about finding the edge. As a skier, it reminded me that I haven’t been out to the slopes since that time (I should fix that), but I discovered some wonderful content in the process (Skiing on the Edge).

Edging; it’s one of skiing’s most important FOUNDATION skills. To descend mountain trails with confidence and precision, skiers need to develop the ability to control their direction and speed in any manner and at any moment they choose.

Six months into company formation, the product was shaping up nicely. We had made many of the right early decisions, like building on AWS – a world-class infrastructure, leveraging Redshift for the cloud data warehouse, betting on the ServiceNow platform for our first offering. It was time to look beyond the product to what else needed to be put in place for success – sales & marketing, compliance & governance, provisioning & operations, service & support among others. In all cases, we needed to do enough to be ahead of demand, but not so far ahead that it was a wasted investment. We needed to be at the edge.

From day one, we have prioritized building a very strong security infrastructure and processes. As part of having an edge in compliance and governance, we identified three things that were must-haves for our customers: (1) a strong Privacy policy; (2) a US/EU safe harbor certification; and (3) a SOC 2 compliance certification. A strong Privacy policy reassures our customers, prospects and visitors that we respect the confidentiality of their data and personal information. The EU Data Protection Directive has even stronger policies regarding the collection, use and retention of personal information from EU member countries. Numerify complies with the U.S.-EU Safe Harbor Framework. Finally, SOC 2 is the officially recognized auditing standard for service organizations to demonstrate their security controls and processes.

After the first year, we had published our Privacy policy, completed the U.S.-EU Safe Harbor certification and actively put in place all the foundation policies we needed for the SOC 2 Trust Principles of Security, Confidentiality, Availability and Processing Integrity. All of this, fundamentally, made our offering stronger and more secure. Before the two year mark, we successfully completed a comprehensive SOC 2 Type II audit, providing our customers with an increased level of assurance about information management and security with Numerify’s cloud applications.

And lo and behold – the day after we completed our SOC 2 Type II audit, we were using the results in a customer RFP – it was a success on day one! By clearly identifying what we needed to do well in advance (the SOC process took us a year), no more and no less, and then flawlessly executing with our audit partner, we delivered tangible value to the business. We will clearly do more compliances and certifications, but we always want to be on the edge of performance – staying ahead of the curve, but not so far ahead that we are doing things that deliver no tangible business value for our customers and Numerify. All this talk about the edge and performance reminds me that I better make some skiing reservations for 2015 over the President’s day weekend. Cheers ☺
