alt Hacker News> It works 99% of the time
I would add the caveat "...as long as you have no competition." If you're in a market where alternatives exist, and they have the certification, you're definitely transparently losing sales.
From the enterprise side, I can tell you vendor certification takes an order of magnitude more time/money/effort when the vendor says "we don't have cert X but here's a mountain of drivel you can paw through to try to assess risk." And not just once, but every single year during vendor reviews. It's just not worth it unless you're legitimately bringing something irreplaceable to the table -- to the point where even our executives know to google "companyname SOC2" before even engaging in a conversation.
Replies
| I would add the caveat "...as long as you have no competition." If you're in a market where alternatives exist, and they have the certification, you're definitely transparently losing sales. I wouldn't say that its definitive, but it creates a big challenge. And they 100% will use it against you.
It depends on your target market. If you only sell to enterprise/large companies, you may need SOC2 sooner than later. If you sell to SMBs or startups, this advice works (I sell in this space mostly).