Security Documentation is scalable
It really may not seem like it when you first start out as a startup company but security documentation is something that can be scaled. Can and needs to be. You’ll very quickly start to understand that filling in security documentation is one of the least enjoyable roles in any startup company. If you’re selling into enterprise customers the questionnaires can become very lengthy and very invasive. The level of this that you will need to deal with will be very dependant on the service that you provide and the data that you are collecting from your customers.
Anticipating needs of customers
Just like the rest of the SAAS contracting process there are a number of things that can become predictable as requests from customers. The difficulty with this is that they always request these things in a slightly different way. And there is a surprisingly easy way to get around this. Early and prompt communication. Remember that the contracting process for software is a two way street, they will request things from you and you will request things from them. During this negotiation one side generally gets stuck with the grunt work of having their information fit into the request of the other party. One easy way to get around this is to have all of the information prepared before hand and give this to the buyer before they ask for it. Think about documentation of your security, documentation of your data storage, documentation of your software architecture. By handing this over before its even asked for you are putting the onus on the customer to fit your work into their framework rather than waiting for the framework and then having to reengineer everything to fit into this.
Does this slow down the sales process? No, if anything this puts the work that needs to be put in with the party in the negotiation that has the resources to do this work. It puts the ball in their court.