Show HN: Free mortgage analysis tool to avoid getting screwed by closing costs

(closingwtf.com)

273 points aaln | 2 comments | 15 Nov 24 17:38 UTC | HN request time: 0.418s | source

Show context

mnahkies ◴[17 Nov 24 08:24 UTC] No.42162794[source]▶

There's a number of threads here about privacy/security concerns. I'm curious what should be the bar for grassroots/bootstrapped projects like this?

Having recently taken a company through ISO 27001:2022 it's a pretty expensive and time consuming process, that doesn't seem reasonable to do early on in a projects creation - you don't yet know if you have product market fit.

However, you're wanting people or companies to trust you with their data - so it starts to feel a little chicken/egg

What's the best middle ground here for building trust whilst acquiring your first users?

replies(1): >>42163275 #

1. ISO27Auditor ◴[17 Nov 24 10:28 UTC] No.42163275[source]▶

>>42162794 #

ISO 27001 implementation and certification doesn't have to be overly expensive if you have the right team to help you. It also doesn't have to be time consuming as you can outsource a good deal of the work. I work as ISO 27001 auditor and I help companies get ISO certified. For a small company the combined cost of certification and external provider support ranges from $5k to $8k. Of course if you are a larger organisation the cost will go up, but not drastically.

replies(1): >>42163541 #

2. mnahkies ◴[17 Nov 24 11:29 UTC] No.42163541[source]▶

>>42163275 (TP) #

That makes sense, but simply isn't viable cost wise IMO if you're trying to bootstrap a side project - until you have your first users and a sense that you have something people are willing to pay for, spending thousands on compliance certifications seems pretty risky.

I'm interested in what the best strategy to build/establish trust when you can't yet afford to pay for certification is.

↑