The objective of company founders, CEOs, boards of directors, and early stage investors is to see a business scale and grow. Many factors contribute to a company scaling successfully, including a growing, retained customer base, customer satisfaction, and innovation. But how successful these aspects are, often comes down to the way they’re managed internally through streamlining processes, using technology and boosting employee engagement.
You can download our ebook Salesforce DevOps at enterprise scale for a deeper dive into DevOps for large companies, as well as reading this post to learn the steps needed to prepare your Salesforce instance for IPO.
Why companies IPO
When companies reach a certain size, and ambitions correlate, many companies will look to execute an initial public offering (IPO). According to Forbes, there are a few main reasons why companies might want to kick-start this process.
- To raise additional funds for growth and scaling by selling shares to the public
- Other investment avenues are too expensive
- To increase publicity
- To increase their perception and standing in the market
Whilst the benefits of being a public company can be huge, preparing for an IPO is no cakewalk. Publicly listed companies are bound by a plethora of regulatory compliance requirements for transparency and trust — and your CRM is integral to that transparency and trust. To comply with these regulations, reduce risk, and give investors confidence in your business operations, DevOps can play a key role in preparing your organization’s Salesforce instance for the challenging and lengthy process of an IPO.
Key areas to consider when preparing your Salesforce instance for an IPO
There are a few key areas to focus on when you are preparing your Salesforce instance for IPO, namely accountability, credibility and scalability.
Being able to demonstrate a high level of accountability is one of the most important parts of preparing for a successful IPO. Some of the key regulatory compliance that you’ll need to be aware of is:
For all organizations:
Sarbanes-Oxley Act (SOX): all public companies need to show they are SOX compliant. SOX is United States law that is intended to provide transparency and assurance over a company’s financial performance and public filings.
General Data Protection Regulation (GDPR): if your business is serving UK customers and processing UK citizen’s personal information you’ll need to have measures to adhere to their data protection rights.
Industry specific regulations:
- Health Insurance Portability and Accountability Act (HIPAA): all businesses handling American citizen healthcare information are bound by this legislation. It’s primary purpose is to limit disclosure of a patient’s health records to anyone other than the patient or a patient’s authorized representative.
- Financial Industry Regulatory Authority (FINRA): FINRA member firms are required to have policy and procedures that address how customer records are protected against potential threats.
Most of these regulations come down to protecting personally identifiable information (PII). The protection of PII should be a level 1 priority for all businesses. This makes it essential in preparation for IPO that businesses should be demonstrating a competent level of compliance to both specific regulations, and PII as a whole.
How DevSecOps keeps businesses accountable
A company’s accountability largely corresponds to the data that it holds. Data is precious, so it’s no surprise that it’s the key thing businesses are held accountable for. As your CRM contains a large amount of PII or regulatory-controlled information, your DevSecOps process is critical to protect it. How your CRM system is designed, managed, and maintained is central to that, which is the core facet of DevSecOps. Let’s look at how DevSecOps for Salesforce supports your IPO process:
Documentation of processes
Smaller organizations often overlook the importance of documenting processes. This includes not only business processes such as lead routing, distribution workflows, and IT, but the management of your Salesforce instance, too. Making sure your release process is properly defined and documented gives you the confidence that your process is consistent and repeatable. It should outline how risks are mitigated when making changes or developing critical business infrastructure and also needs to check that the correct personnel have permissions to make changes to production and test environments.
One of the strengths of Salesforce is its reporting capabilities but reports can easily be tweaked or manipulated. Daily backups of newly created reports, or edited reports to version control will allow you to easily recover your reporting structure if needed.
Being able to report on your process performance metrics eg. DORA will prove valuable too. If you can demonstrate consistency or improvement in your release cycles, your recovery and restoration times, and how long it takes to deploy changes, this will give investors confidence in your system management and overall processes.
Being able to mitigate risk is a core component of DevSecOps, which is achieved in a number of ways, mainly through version control strategy, sandbox management, and testing.
Version control allows your Salesforce development team to work in isolation on new features and then safely integrate them together by using pull requests. De-risking loss of work and preventing losing time recovering or repeating work is paramount to demonstrating development agility. It not only keeps up the pace of the overall company strategy, but also boosts response to the demands of the market.
Showing that your development process is underpinned by version control — with a branching strategy appropriate for your sandbox setup — builds resilience and investor confidence. Setting up sandboxes for various levels of testing, including integration testing and user acceptance, is a great way to mitigate risk in the development process. Under no circumstances should development be done directly in production.
Testing is hugely important throughout the whole DevSecOps process to make sure that you aren’t introducing any bugs or malware. Both can cause irreparable damage and should malware enter the process and cause a data leak, the company could be in violation of HIPAA or GDPR — which will carry hefty fines.
Make sure that through the development lifecycle there are mechanisms — like static code analysis and regression testing — built in to alert the team of potentially introducing deficiencies into the system and putting production data at risk.
While Salesforce provides your company with security infrastructure, it’s your team of developers and admin’s responsibility to keep your org’s data and metadata secure day-to-day. Along with benefiting the overall operation of your organization, adopting DevSecOps can also play a pivotal role in reassuring investors for critical one-off projects, including preparing for an IPO.
In addition to leaks, data loss can also destroy a company’s reputation, credibility, and trust with customers and investors. Disaster recovery is an essential component of business continuity planning.
Disaster recovery plan
All companies looking to IPO should have a comprehensive and detailed disaster recovery plan. This will outline what methods they use to protect critical data, who’s involved in the recovery process, and how the business approaches alerting customers and authorities to any potential leak or loss.
A disaster recovery plan should consider the recovery point objective (RPO), and recovery time objectives (RTO). For example, a business might process hundreds of orders or transactions every hour so backing up data for those transitions once a day could result in millions of dollars in lost revenue or information. In this instance, an RPO of one hour would be essential for business continuity. All businesses should be looking to restore from a data loss incident in as little time as possible.
Technology that helps a business to get up and running again quickly is essential. Being able to access your company data at all times is essential to continuity. The solution that you implement should be separate and secure from Salesforce so that backed up data can be accessed at all times. Your backup solution should also allow you to comply with regulations (GDPR and CCPA) allowing you to purge specific records on request.
DevOps teams are better at restoring quickly whenever things go wrong in production — especially where backups have been tightly integrated into the wider development and release process. DevOps can help businesses go public by helping organizations achieve regulatory compliance.
Proving your credibility as a business comes down to a couple of key factors. Industry perception (including customer reviews) plays a part, but primarily when preparing for IPO it comes down to financial performance. Investors want to have a good idea the business they’re investing in is stable.
Preparing information for investors
Being able to accurately report on your business performance is a must for being SOX compliant, and therefore being able to IPO. It’s also key to building investor relations and increasing your credibility.
Throughout your IPO preparation you’ll want to assess your Salesforce org and make sure that all necessary objects can be reported on. This means that you can effectively correlate sales and customer information to check that everything tallies with financial performance. It’s also important to factor in the source of historical data to give a holistic overview of the company’s progress.
Make sure your instance is set up to report on the key objects and fields that contribute to giving investors a picture of the business, and allow them to confidently complete due diligence. Some of these areas are:
- Customer acquisition cost
- Monthly recurring revenue
- Lifetime customer value
This isn’t exhaustive, but these statistics provide a good overview of a businesses health and growth potential, which investors are most interested in.
We’ve already covered the main reasons that a business will look to IPO — growth and scaling being the main ones. There are measures you can take to demonstrate that your Salesforce instance is prepared to scale with the investment you receive from an IPO.
Automating business processes by using Flow is increasingly popular for Salesforce teams. Demonstrating your org is configured to automate the tedious, repetitive parts of your sales and service reps day-to-day can be a fantastic idea. This means reps can focus on pleasing customers and doing valuable work that might not otherwise have been possible. Deploying Flows can be tricky, though — especially if you don’t have a DevOps process in place.
Automation is to your DevOps process itself. By automating repetitive tasks, or items on the checklist (that may be forgotten otherwise), you can be confident that your documented and defined process is being followed. Automated release pipelines not only speed up delivery, but increase the reliability and scalability of development.
Configure, Price, Quote
Implementing a Configure, Price, Quote (CPQ) solution is popular with expanding businesses. This is because it ensures complex pricing structures are followed by reps, while saving time generating quotes for customers. With CPQ you continue to give investors reassurance that your pricing model is repeatable, and any changes to it that may come are rolled out effectively and consistently.
Again, CPQ can be challenging to develop and deploy. Investing in CPQ DevOps solutions to aid this can prove fruitful and eliminate a lot of headaches along the way.
There’s a lot of hype over artificial intelligence (AI) and what it might be able to do for organizations as they scale.
The main way AI will be useful to an organization preparing to IPO is to analyze the performance of an org to assess its scalability. Salesforce’s suite of Einstein products are set up to do just that. Everything from automated business process analysis and smart data detection tools can make sure you’re not missing opportunities.
Center of Excellence
What we’ve covered in this blog may seem daunting — especially if you only have a few of these steps already in place. However, a great starting point is to establish a Center of Excellence (CoE).
Your CoE should set an example of how to deliver large and strategic projects in increments, demonstrating how to bring agility to the enterprise and deliver the changes needed on Salesforce to achieve business objectives, such as preparing the business for an IPO.
Get ready for successful IPO
Preparing for an IPO, though a lot of work, can be hugely rewarding. How you approach DevSecOps for Salesforce, and your Salesforce instance overall, will have a profound effect on potential investors’ ability to assess business potential, generate trust, and complete due diligence.