The document discusses why compliance is important before seeking Series A funding. It notes that major clients and some venture capitalists expect companies to have compliance programs in place. Implementing compliance can take months, so the document advises starting compliance efforts now by identifying applicable frameworks, embedding key processes like access controls and change management into development, and confirming secondary business uses that may require additional compliance. Compliance helps mitigate risks to customers and valuations, rather than just for winning sales.

1. UP NEXT: Why You Need Compliance
Before Series A Funding with Weaver
Eric Peeters
Senior Manager - IT
Advisory
Weaver

2. Why You Need Compliance Before Series
A Funding with Weaver
Eric Peeters
Senior Manager - IT
Advisory
Weaver

3. The B2B Road to Series A Funding
Did you want to think about compliance now?
► The marquee clients you need for Series A expect Compliance to be in place
► Some VCs ask for Compliance before funding
► Implementing a compliance program takes months

4. Third-Party Risk Getting Increasing Attention
► 62% of unauthorized intrusions caused
by Supply Chain
► SEC requirements to disclose
cybersecurity incidents within 4 days
► Risk-based vulnerability management
reduces breaches
► Every new vendor is a potential risk
What risk do you represent to your customers?

5. Compliance Does Not Win Sales
► “More” compliance is not an edge
► “Less” compliance loses sales
► Cost and risk are not linked
► Not turning customers into headlines
► Compliance as barrier of entry
 Financial data
 Personal data or health data
 Customer funds
What does Compliance do to your valuation?

6. What Is Compliance
► SOC 2 – best known US option
 security, availability, confidentiality
► ISO 27001 – worldwide security
 Easiest when starting from scratch
► PCI – a must for credit card data
 Process, store, or transfer
► SOC 1 – Handling customer funds
► ISO 27017 – Cloud security
► CSA STAR – Cloud security
► ISO 22301 – Business Continuity
► FedRAMP – Selling to US Gov’t
Is one compliance program always enough?
Common Compliance Frameworks Other Frequent Compliance Frameworks

7. How To Get Started
► Secondary use cases for your service
► Likely compliance framework
 Confirm applicability
 PCI required at around 1 million swipes / year
► Good compliance programs scale up
► Embed compliance in your dev plans
► Processes to implement now
 Segregation of duties
 Approval of all code / system changes
 Principle of least privilege
 Frequent reviews/updates of user
access
How hard is it to add Compliance now?

8. Eric Peeters
Senior Manager, Cloud Services
Weaver
eric.peeters@weaver.com
817.882.7395
https://www.weaver.com/
https://www.linkedin.com/in/peeterse/
Compliance is coming sooner than
expected
Your customers want to know how you
mitigate the risk you create
Implement in your code now key
processes shared by multiple frameworks
Compliance takes months to implement

9. Thank You