My 2p is understand what your target customers need from their suppliers in this area. Are they going to require ISO27001 certification before they even consider your product? Are you going to have to demonstrate robust business continuity procedures for them to take you seriously (e.g. are they going to really trust their critical processes to a single guy who could get run over tomorrow?) Is there legislation you have to demonstrate compliance against in their domains?
First of all, you have to work through these questions and validate your assumptions on all of them. Then you'll have a chance to spot ways of solving them. This is why a lot of startup products partner with large existing suppliers in the domain as you can piggyback of their reputation and operations. But without knowing your specific needs, you can't yet guage whether this approach would be right for you.
First of all, you have to work through these questions and validate your assumptions on all of them. Then you'll have a chance to spot ways of solving them. This is why a lot of startup products partner with large existing suppliers in the domain as you can piggyback of their reputation and operations. But without knowing your specific needs, you can't yet guage whether this approach would be right for you.