← Ledger home/ Sub-ledger 04
Decision framework
Is SOC 2 worth it? Run the maths.
Input your real numbers. Get a payback period, Year 1 ROI multiple, and the revenue you are unlocking. Pre-loaded scenarios for four company stages.
Inputs
$
$
Pre-loaded scenarios
Outputs
Payback period
1.3
months
Year 1 ROI multiple
9.2x
of Year 1 cost
Annual revenue unlocked
$600k
from gated prospects
Sales-cycle acceleration
4 wks
per enterprise deal
Security-questionnaire time saved
180 hrs / yr
approx. $18k loaded labour value
When to invest, when to wait
Decision rules
Invest now if
- Two or more enterprise deals are gated on SOC 2 right now
- Your average deal is above $30k ARR
- Sales engineers spend 10+ hours per prospect on security questionnaires
- You expect to raise in the next 12 months and security posture is in diligence
Wait if
- No enterprise prospects in pipeline, no SOC 2 requests
- Runway under 12 months and the spend would shorten it materially
- Product-market fit still uncertain, ICP not locked
- Buyers will accept a security questionnaire or self-attestation today
The inverse
The cost of NOT having SOC 2 in a market where competitors do is often larger than the spend itself. See /cost-of-not for the lost-deal calculation.