NEED TO KNOW: Firming up your processes - growth in startups

When we start a business, we all want to believe that we’ve got an amazing idea that’s going to grow rapidly, grab the attention of our customers and keep a roof over our heads.

The reality is that startups often have to pivot. Even lifestyle companies, intended to grow more slowly, have to retain enough agility for the business owners to iterate through ideas and experiments.

Advances in technology and business processes are making it easier and easier for people to become their own boss and test new, disruptive ideas. With the exception of opening a bank account (which can still take frustrating weeks of form-filling and crossed wires) it’s possible to have an idea; register a business; buy a domain; setup email, file sharing, websites etc.; and order your business cards, all on the first day of trading. (We said possible, not advisable!)


Whether it be for the benefit of customers, potential mergers, or to satisfy regulatory requirements, sometimes businesses have to give up some of their flexibility in the name of doing business.


1. Documenting processes to make a business acquisition-ready

Many startups are incorporated with the intention of being built for sale to a large incumbent, who is likely to value the innovation without wanting to stifle an idea too early with the processes of a big organisation. Working small and lean lets a business experiment with an idea and test new customer bases. However, this type of business is eventually going to have to be merged into a much larger company. They’ll have to evaluate the value of the business before purchase. Often that value is in the people and their ideas, but other parts of the business also have to stand up to scrutiny.

So what types of documentation might it save time to begin creating early on? What’s likely to be needed further down the line, before the business is ready to be sold?

If you can create robust customer agreements, ensure key supplier terms are favourable, and above all else, ensure ownership of the intellectual property you create, and demonstrate good governance and compliance with any statutory and regulatory requirements, you are locking in value in your business.


2. Registering and protecting intellectual property

Small businesses are often aiming to solve problems that have never been addressed before, disrupt a sector, or monetise an idea. Whether it’s a patentable idea, content subject to copyright, branding and trademarks, or the time it’s taken to develop proprietary processes, it’s often the accumulation of our efforts that we’re attempting to protect. But what happens if another business has had the same idea? When is competition healthy and when should we be attempting to protect our products?

Owners need to make sure they are recording the value they create, that it is owned by the business (what if you are using subcontractors for example: is the contract clear that IP they generate belongs to the business?) and where necessary or appropriate it is properly registered. If you can show potential purchasers that these things have been properly taken looked after it will give them confidence in moving ahead.

These “housekeeping” issues can seem a distraction when the day is filled with pursuing the business idea and looking for customers, but ultimately they can be as important in ensuring a reward for all the effort put in.


3. Data protection processes

Most startups will be handling personal data of some kind – be that emails and contact details of customers and suppliers, confidential employee information, or data that they are collecting and analysing as part of a service. That means that complying with the regulations for handling personal data may be the one of the first regulatory hurdles a business has to jump, alongside the incorporation of the business and registering with HMRC.

The ICO has an advice page for this starting out ( and Clayden Law has extensive experience in providing advice on more complex data protection issues.


4. Implementing cyber security

For many businesses, reducing cyber security risk (at least in the early days) is uniquely part of the GDPR compliance process. Decisions need to be documented, just in case the business has a breach, but it’s unlikely that the business has carried out any rigorous risk assessment, or extended their concerns to include the protection of the business’ own assets. As the business grows, this risk appetite is likely to change – the more time a business has invested in making a product the less likely they are to want to have this work copied by a competitor.

Basic cyber security measures that can demonstrate protection within a small business can be inexpensive. Take Cyber Essentials as an example – the standard focuses on updates, secure configurations and other things that can, when considered for one or two people, seem trivial. The reason that these measures significantly improve security in an SME is because the standard requires you to implement them consistently, which can become a non-trivial requirement.

The processes, documentation and training required to achieve a consistent level of security across a startup can take time to achieve. It’s definitely out of proportion with most other processes within a small business. However, data breaches are something that small businesses struggle to survive and security is about employee culture. If it’s given attention early on, it costs less to achieve more.


5. Reassuring customers that distributed organisations are legitimate

Each industry is different, but it’s not uncommon for decision makers’ risk appetites to be influenced by their understanding of what a business looks like. Imagine an insurance company hiring specialist contractors to advise their clients claiming against their policy. In a traditionally risk-averse industry, the insurer might prefer to contract to a business that operates 9-5 from an office than a distributed network of consultants available 24/7.

Depending on the industry, a business might need to introduce additional infrastructure, rules and processes to meet the clients’ expectations. Technology enables us to work differently, but each decision maker, organisation and industry have their own working culture. As  a facilitator, technology may only make the things that we already do easier to achieve – its our competitors and small disruptive organisations that tend to make use of these technologies in a way that forces change.

Customer, suppliers, potential employees and potential investors will all be reassured by a business that operates professionally and which uses documents and processes which reflect this attitude. In a world where the flexibility of “pop-up” businesses is commonplace, the professionalism of outward facing documents is taking the place of the “brass plaque” on the door.


To round up

Irrespective of the sector that you are doing business in, there may be a need for startups to begin firming up their processes early on, before they’re ready to follow the standards and compliance considered best practice by large organisations. Depending on the reason a business has for formalising processes, documentation of those decisions and processes can prove compliance and add ongoing value to the business.