I'm running a SaaS startup (small team under 20 people everyone is at their full capacity) and we're trying to sell to enterprise clients. Having enterprise as your clients will open up gates, so it's something we've been pushing through this year. But they have very strict requirements about data security and we’ve just lost our deal with them due to "incomplete security docs" So this leads to two scenarios: (1) We need to truly invest in frameworks like `ISO27001` or `SOC2` (for North America clients typically). But we currently cannot afford anything above 1️⃣0️⃣k in total for this certification, and our current research shows that it’s super costly and time consuming (2) We need to change our target clients to companies that don’t require such strict security requirements If you've been through this before, we need your advice. Thank you, truly!