Hybrid Cloud Hosting Blog

How to Know When Your SaaS Company Needs Accreditation

Nov 16

Posted November 28, 2016 by  Clive Larkin


SaaS accreditations can be valuable markers for measuring the availability and security of a service, but they are also useful to help reassure customers that they can use an application with complete confidence, without fear of information theft or downtime. 

Accreditations are invaluable for SaaS companies because they demonstrate to users that they can trust in your application, infrastructure and procedures. In the past, we have written about secure cloud hosting and which certifications matter, but how do you know when your company needs to attain accreditation? 

Download our 15-step guide to implementing ISO 27001 here and simplify your  route to gaining compliance


Accreditation can be a useful tool to add credibility, as it demonstrates that your product or service meets the expectations of its customers. For some industries, certification is a legal or contractual requirement, but in the instance of SaaS this is not the case. For this reason, it makes it difficult to say with any certainty when the best time to achieve accreditation is, but best practice suggests that it’s as early as possible.  

Some companies choose not to work with a SaaS provider unless it has attained all accreditation applicable to its service, so, by not holding relevant certifications, your company might be missing out on potential avenues of business.

This could suggest that gaining all your certifications as fast as possible is the best course of action. On the contrary, there is little evidence to indicate that this is the correct strategy, and when trying to become a more attractive proposition for prospective users, a structured approach is far more sensible.

This is because obtaining relevant accreditation can often be a complex, time-consuming and all-encompassing activity which can drain resources and shift focus away from primary business goals. Staggering your approach to accreditation attainment can significantly improve the overall running of your SaaS service and allow you to remain focussed on providing excellent service for users. It is true that you should try to get your certifications as soon as you can but never to the point of rushing the process or providing an inadequate level of service.


The first decision your company should make is to decide which accreditation to attain first. Not all SaaS certifications are born equal, and to help you choose effectively you should look out for four key criteria:

  • The programme is collaborative, valid and uses relevant standards.
  • Accreditation is favourably received by SaaS users.
  • Your company is capable of embracing the accreditation guidelines.
  • Accreditation is appropriately aligned and supported by relevant initiatives.

Making sure that your company prioritises those accreditations that best satisfy these criteria will help to ensure that shifting of time and focus away from business objectives is kept to an absolute minimum, whilst rewards are maximised.   

For SaaS companies, it is sensible to prioritise certifications which focus predominantly on cloud-related and/or security requirements. Two accreditations that match this description are ISO 27001 and ISO 27018.

The ISO 27001 standard is intended to help your company keep information entrusted to you from third parties safe and secure, and ISO 27018 provides guidelines to safeguard sensitive, personal data in cloud environments. With their focus on security, these accreditations in particular are a high priority for users, but there a total of 5 essential accreditations for SaaS companies.


Staggering your approach to accreditation attainment is best practice, but there are certain instances where achieving certifications to a timescale is necessary.

In the case of selling a business, many buyers will request that all relevant accreditations are held before the sale is completed. In occasions such as these it is sensible to begin working toward certifications as soon as the decision is made, rather than waiting until there's a buyer and a smaller window of time to get things in order.

This is also true in the event of a merger or when opting to buy another business. Making sure that all companies hold the same relevant certifications will not only help to reduce headaches but will also simplify future marketing or promotional campaigns.

Working to a timescale to obtain relevant accreditation may be a time-consuming and resource-draining solution, but obtaining certifications early in the negotiation phase can help to put you in a stronger position and ensure that you achieve the best deal for your business.


It is difficult to estimate exactly when is most beneficial to start attaining accreditation for your SaaS company. It is often the case that businesses will want to check the certifications of your company before deciding whether or not to choose to work with you. And, for this reason, the sooner you can boast an impressive collection the better.

That being said, trying to implement and obtain all your accreditations in one go will be highly disruptive and is likely to end in failure. Prioritising which certifications will be most beneficial and then using a staggered approach will enable your business to gain the relevant accreditation whilst ensuring that focus is maintained upon customer service and business objectives.

Achieving certifications for your company is important to help add credibility and garner a greater number of users for your product. For help implementing any of these SaaS accreditations, download our guide here. 

Download your guide to implementing ISO 27001

Topics: SaaS