π¦ Simplified Business Processes (MVP)¶
Customer-Facing Processes¶
1. Board Approval Process¶
What It Does: Directors can approve policies and risk acceptances digitally
How It Works:
- Management uploads policy/risk for approval
- Directors receive notification
- One-click approve/reject with comments
- Automatic tracking for compliance records
2. Policy Management¶
What It Does: Central repository for all cybersecurity policies
Featurest:
- Upload existing policies
- Track version history
- Monitor acknowledgments
- Set review reminders
3. Essential Eight Assessment¶
What It Does: Track E8 compliance maturity
Process:
- Initial assessment questionnaire
- Monthly progress updates
- Evidence attachment
- Automated scoring
4. Risk Register¶
What It Does: Track and manage cybersecurity risks
Workflow:
- Identify risks
- Assess impact/likelihood
- Assign owners
- Track treatments
- Board acceptance where needed
5. Incident Management¶
What It Does: Record and track security incidents
Simple Process:
- Log incident
- Assess severity
- Track response
- Report to board if material
- Document lessons learned
Internal GetCimple Processes (3-Person Team)¶
Customer Onboarding¶
- Demo call
- Contract signing
- Account setup (15 mins)
- Initial E8 assessment
- First board report
Support Process¶
- Email/WhatsApp support
- Same-day response target
- Escalate to technical lead if needed
Development Process¶
- Weekly planning meeting
- Build features
- Test with pilot customers
- Deploy updates
What We DON'T Need (Yet)¶
- Complex approval hierarchies
- Multi-stage workflows
- Committee structures
- Detailed RACI matrices
- 20-page process documents
Success Metric¶
If it takes more than one page to explain, it's too complex for MVP.