All posts by Benjamin Brandall


4 Things SaaS Companies Need to Know About Regulatory Compliance

The following is a guest post submission from Nathan Sykes. Nathan is the founder of Finding an Outlet, a site dedicated to the latest in B2B IT news and trends. Follow him on Twitter @nathansykestech to read his latest articles.

As cloud-based solutions, like SaaS and remote technologies, become more prevalent than ever, we’re starting to see regulators and auditors get more serious about IT governance standards. As standards become more stringent, companies become more aware of the requirements set upon them and, in turn, ask providers to help with IT audits.

As you might expect, this means the pressure gets offloaded onto SaaS providers, who don’t generally perform audits or mind regulatory requirements outside of their own responsibilities. But the landscape is changing rapidly, not just in regards to audits but additional regulatory and legal constraints too, right along with financial limitations and tax requirements.

What exactly is changing in the SaaS legal landscape, and what do you need to know about it?

Sales tax and nexus

In October 2017, the U.S. Supreme Court ruled in South Dakota v. Wayfair that internet-based and e-commerce retailers can be required, by law, to pay and collect sales tax in states even where they lack a physical presence. This completely uproots decades of legal precedent, not the least of which relates to the concept of nexus.

Nexus is essentially your physical influence or presence within a state. If you have “nexus” within a region, then you can be required by law to collect and pay sales taxes lest you incur fines and compounding interest. The idea is used to declare and determine where a business may have a physical presence even outside their home state.

Determining nexus has always been particularly tricky because each state varies regarding qualifications. What gives you nexus in one state may be completely different in another. And this Supreme Court ruling just made it even more difficult, especially for SaaS providers who operate and serve on a broad level outside of their home location(s).

As a result, South Dakota now has an economic nexus law — among 25 other states and counting — that increases the tax burdens of online businesses, SaaS and cloud service providers included. What this means is that general tax burdens will grow, and companies will need to expansively research tax burdens on a state-by-state basis with more scrutiny than ever before. This has happened before, further muddling the definition of nexus and sales tax when it comes to online services, so it’s not unreasonable to think it will be expanded even more in the future.

A major issue with these tighter laws is that they tend to have low limits: 200 total transactions — as opposed to customers outright — in a state will commonly develop nexus. But since SaaS providers deliver subscription-based pricing models and deal with multiple invoices per client, you can end up with nexus in a state faster.

This further underscores the need to have an accountant or experienced professional deal with taxation and collection policies. Don’t overlook this, especially if your business is spread across varying locations and your service coverage is far-reaching. You will need to identify and understand where sales tax is necessary, and failure to do so will lead to severe consequences, not the least of which are heavy legal fines and court costs.

Provider-focused auditing

Security and data governance audits are less an optional set of checks and balances and more a legal and regulatory requirement these days. Therefore the onus has shifted to providers to help deal with and prepare for some of these experiences.

Increasingly, SaaS clients require records on IT security audits, clear-cut data storage, handling and protection policies, performance standards, and even risk management or disaster recovery plans. In other words, you may be initially audited by clients — in a way — before any legal audits take place.

Common auditing concerns

More than proper planning and documentation, it helps to have these elements established long before your clients even ask, so that when the time comes, you can provide the necessary assurances.

Here are some things to consider for future and present audits:

  • Do you have a corporate security policy?
  • Is there a dedicated security team in place to handle events and failures?
  • Do you have a formal procedure for reporting a security violation or data breach?
  • Do you regularly conduct penetration testing or have a third-party handle the process? When was the last relevant test performed, and what were the results? What are you doing to remedy any flaws or vulnerabilities discovered?
  • Whether through external means or internal discovery, what are you doing to both identify and remediate vulnerabilities in your system and network?
  • How often are applications or software tools updated? What is the process for doing so and how does this affect security? What about customer or client downtime? How long will the update process take?
  • Do you have a process for announcing and sharing scheduled maintenance sessions?
  • Is there API access or external integration support? How does this relate to data security and protections?
  • Are all API endpoints authenticated, is the data they carry encrypted, and are they monitored?
  • How do you physically secure access to your data facilities or operations sites?
  • How do you comply with HIPAA, Sarbanes-Oxley, PCI DSS 3.0 and other similar-level regulations? Do you have documentation to support this?
  • Are all your processes — including data backups — documented in full with details on how you handle operations?
  • How far does your disaster recovery plan extend? What will you do if your customers are affected by a breach? How will you continue to ensure their privacy and security?

Legally mandated data protections

GDPR, or the General Data Protection Regulation in the European Union, is designed to curb overreach by businesses and provide more assurance for citizens in regards to personal data and privacy. For example, one new requirement from the law forces companies to offer a “forget me” option that allows European citizens to not only download and see any personal data collected about them but also delete it in full.

Since SaaS in the enterprise is not inherently a consumer-level business, it’s easy to fall into the trap of thinking GDPR doesn’t apply. But it does, in some cases even on multiple levels. With some providers, for example, the protections may extend to customers, a customer’s customers and sometimes beyond. This means that even if your company or business doesn’t serve affected customers, but one of your clients or service users does, then you’re obligated to comply where applicable.

Under GDPR, the purpose, nature and storage duration of data must all be supplied and honored. That is, if you say you’re going to keep data for two years, then you should immediately purge it after said period. You must also define and adhere to the type of data being processed, while also considering the responsibilities, rights and requirements of customers — who generally serve as the source or inherent “owner” of specific data sets.

This extends to security protections, as well. Customers must be informed of a breach or security issue as soon as a company is aware of it. Providers must ensure that protections are in place to prevent data breaches and fully secure customer information. Failure to do so will result in hefty fines.

Here’s a GDPR and protections checklist you can review to ensure ultimate compliance:

It’s important to understand, however, that no matter how comprehensive this checklist may seem, there’s much more that goes into ensuring compliance. Therefore, it’s crucial you do your due diligence to research and understand the new regulations and how they apply to your business and operations.

General data practices

Outside of the legal and regulatory space, there’s also the matter of protecting your data and digital assets internally.

Throughout most of your auditing and data protection strategies, you’re focused on external data channels that often stem from your customers and umbrella users. It’s easy to forget that you — as a business — have your own proprietary data and trade secrets that you need to handle properly.

Here are some questions you should be asking:

  • How often do you back up your sensitive data and where is it stored?
  • How often are backups completed? If there is a data breach, failure or complication what could be lost?
  • What security measures do you have in place to retain control of your systems and network?
  • How will service interruptions affect your customers, their data and their users?

Protecting data that belongs to your customers and clients is vital, but you need to protect the content that relates to your business or organization and its primary operations as well. If you offer a cloud-service application, for example, where is the source code housed and is it handled or edited in a way that won’t compromise the entire business?

The landscape is tumultuous; be ready to evolve

As is evident through many of the discussions in this guide, the world of cloud computing and SaaS is changing considerably, along with the rest of the enterprise market. There’s a general focus on network and user security, data protection, customer rights and, in some cases, moral responsibility in regards to products and service offerings. Sometimes, as is the case with GDPR, regulations extend beyond your direct clientele and stretch further down the chain to include anyone affected by internal data usage and collection.

That’s why compliance internally is crucial to the success and continued operations of your business. The last thing you need to deal with are repercussions handed down by government bodies, your customers or the community at large.

What is Task Management? 3 Proven Methods Explained

The most productive people on Earth aren’t superheroes. They have the same number of hours in their day as you do, and often find ways to work far fewer hours, too. How do they do it?

When I was struggling to stay on top of my new responsibilities, I was asking the same question. Over time, I discovered task management techniques, to-do list apps and how to stay off Twitter to focus on work that matters.

I’m writing this task management guide because I want to share with you what I’ve learned since being thrown from office grunt work to the hectic life of a startup employee.

Over the next few chapters, I’ll be writing a huge guide to task management that will help you write your to-do list, stay on top of your workload and get more done.

Ahrefs vs Moz: The Ultimate SEO Tool Showdown

Looking at the pricing pages and marketing material for complex SaaS products can be confusing enough, but comparing two similar products is a real pain on paper.

Which do you choose?

Ahrefs and Moz pricing pages

From just this information, the list of features, and outdated reviews, it’s impossible to make a decision, especially with a very specific set of requirements.

After checking out the features of the major SEO tools, we decided to try Moz and Ahrefs in parallel, getting trials of both on the comparable Medium and Standard plans.

What are our SEO requirements?

Process Street is a young, content-focused startup. Thanks to our content marketing, we’ve been able to grow the company through PR efforts, blog content and guest posts — all without breaking the bank. Finding a powerful tool to analyze just how successful these efforts have been is top priority, to make it less hit-and-miss and shape our SEO strategy in the future.

Here’s what we need from a tool:

How to Write a Proposal and Get What You Want (Free Template)

A proposal has a lot of different purposes, but there’s only one good way to write one: the way that pulls together all of the information in a concise and persuasive way and helps you get what you want … whether that’s a whole new software system, or just a tweak to your marketing strategy.

This article isn’t about a business proposal — also known as a quote — but instead about the document required when formally pitching an idea for action and execution by managers or department heads.

Weekly Review Checklist: An Insanely Productive Week in 14 Steps

It’s easy to wake up, check the tasks marked for today and get stuck in with your most urgent and important duty. What’s harder is taking a big picture look at your task list. Who can be bothered with that? Surely that’s an hour you’ll never get back?

Nope!

You’ve got a bunch of tasks marked for later, or pending someone else’s actions. So, when’s ‘someday’? What’s waiting on the next action?

You can be so focused on putting out fires and setting priorities that you leave half of your tasks sitting somewhere out of sight, which is the sort of behavior that stops you from hitting your goals and finally getting round to the work that matters.

With a little help from GTD, and inspiration from a number of task management systems, I’ve put together a quick, actionable guide on carrying out a weekly review on your productivity. Do this every week, and you’re sure to stay on top of your game.

The Checklist Manifesto Review

A book about disasters, human error and a simple tool that could well be the answer

Surely we don’t need any more bureaucracy, do we? Writer and surgeon Atul Gawande says yes, in fact we do. Box-checking and form-filling are often seen as the direct opposites of efficiency, but how many skyscrapers just tumble down out of the blue? Not very many, and The Checklist Manifesto explains why. It all comes down to recognizing that checklists are a powerful weapon in the fight against human error. In a series of anecdotes/case studies spanning from Gawande’s familiar operating theater to the secretive world of venture capitalism, the author makes rock-solid arguments in quick succession about why we all need more checklists in our lives. But not just any old checklists

How to Build a Customer Feedback Analysis Process (with AI!)

The following is a guest post submission from Federico Pascual, co-founder and COO of MonkeyLearn.

Customer feedback doesn’t just come in through your site’s contact form – it’s everywhere.

You only have to search the Twitter handle of any product with more than a few hundred users to see that customers love to offer their opinion – positive and negative. It’s useful to be monitoring this and learning from it, but casually collecting feedback on an ad-hoc basis isn’t enough.

Startups thrive on feedback as their ‘North star’, and are constantly evolving based on what their customers request, break, and complain about. Enterprises also can’t overlook the fact that customers are what make any company tick, and must struggle harder than startups to stay relevant and innovate.

So, if you’re just collecting feedback ‘as and when’ it comes in, you’re missing out on data that’s just as important as page views or engagement. It’s like deciding not to bother setting up Google Analytics on your homepage, or not properly configuring your CRM; in the end, you’re deciding to not benefit from data that will have a transformative effect on your product strategy.

With a dataset of feedback – whether that’s from customer reviews, support tickets, or social media – you can dig into the words your customers are using to describe certain parts of your product and get insights into what they like, and what they don’t like. In this post, I’m going to show you how.

How to Make a To-Do List to Power up Your Productivity

In the last chapter, I showed you how to get tasks out of your head and into your notebook.

In this post I’m going to answer some questions you might be having about what to do next, and show you how to make a to-do list even when you’re short on time.

  • Where do I put my tasks?
  • How do I break them down?
  • How do I word them?
  • What resources do I need to keep alongside them?

Read on to find out the answers.

3 Ways to Optimize Your Marketing Workflow (From Personal Experience)

The following is a guest post from Reuben Yonatan. Reuben is the founder of GetVoIP, an industry-leading business comparison guide that helps companies understand and choose a VoIP system for their specific needs. Follow him on Twitter, @ReubenYonatan.

We at GetVoIP have gone through a lot to get to the point we’re at today. For those of you who don’t know us, we highlight the top VoIP providers and offer shoppers an alternate way of learning more about each vendor.

However, it’s not that easy to be taken seriously in this hyper-competitive space.

There are plenty of websites people can visit to get advice on business software; they can even just go to a provider page to get reviews. But, many of those websites are too promotional to trust. We pride ourselves on being transparent with our customers and helping providers reach out to as many people as possible. This leaves many of our competitors wondering how we even make money, but that alone says enough about why we’re coming out ahead.

In order to be taken seriously by the providers we cover, we have to show them how committed we are to their products by constantly brainstorming and optimizing every level of our business model.

If we don’t have a solid process, our leads will go to someone else that does.

Here, we’re going to break down three internal changes we have made to our marketing workflow which helped us help providers spread their products and services to even bigger audiences.

Task Planning: Getting Tasks Out of Your Head & Into Your Notebook

Are you ever at a loss when it comes to planning your tasks? A good chunk of the time, I feel exactly like that.

That’s ok. Task management exists because planning and executing projects is hard.

Last night, I sat down with my wife and we wrote down everything we’ll need to do when we move house. It was two A4 sheets of paper before we even started breaking it down into subtasks. Two A4 sheets of paper.

The number of items a human can hold in working memory is around 7, so when it comes to projects, of course you’re lost if you’re not planning them properly.

Don’t worry. There’s a simple way to do it, and once you’ve got that down, you’ve learnt it forever. And the start of it, just like I sat down to do last night, is writing everything down.

Here’s how to brain dump your tasks and make sense of them.
