Last modified by Robert Schaub on 2025/12/17 18:07

= Operational Readiness Checklist =

== 1. Purpose and Scope ==

This checklist documents prerequisite tasks that must be completed before FactHarbor can launch to the public.

**Organization Reality:** Starting as a solo project with team growth expected within the first year.
**Status as of:** December 17, 2025 (V0.9.30)
**Target Launch Date:** [To be determined]

**Important:** Initially, one person handles multiple functions. This is normal and legal. As the team grows, responsibilities can be distributed.

---

== 2. Critical Tasks (MUST Complete Before Launch) ==

These tasks are mandatory for legal compliance and core functionality.

=== 2.1 Legal & Compliance ===

| Task | Status | Notes |
|------|--------|-------|
| **Engage Swiss legal advisor for policy review** | ⬜ Not Started | Review all policies, bylaws |
| **Draft and adopt Verein bylaws (statutes)** | ⬜ Not Started | Required for legal existence |
| **Appoint founding board (minimum two members)** | ⬜ Not Started | Can include yourself |
| **Apply for Swiss tax-exempt status** | ⬜ Not Started | Cantonal tax authority |
| **Designate Swiss representative** | ⬜ Not Started | Can be yourself with Swiss address |
| **Create processing activities register** | ⬜ Not Started | Internal document |
| **Conduct initial DPIA for AKEL system** | ⬜ Not Started | Can use templates |
| **Set effective dates for policies** | ⬜ Not Started | Privacy & Transparency |

=== 2.2 Technical Implementation ===

| Task | Status | Notes |
|------|--------|-------|
| **Implement opt-in cookie consent banner** | ⬜ Not Started | Open source libraries available |
| **Build user data export functionality** | ⬜ Not Started | JSON/CSV export |
| **Build account deletion functionality** | ⬜ Not Started | With grace period |
| **Implement data retention automation** | ⬜ Not Started | Automated cleanup |
| **Set up breach notification procedures** | ⬜ Not Started | Document + FDPIC contact |
| **Implement TLS/HTTPS encryption** | ⬜ Not Started | Let's Encrypt or similar |
| **Set up security logging** | ⬜ Not Started | One year retention |

=== 2.3 Organizational Infrastructure ===

| Task | Status | Notes |
|------|--------|-------|
| **Set up contact infrastructure** | ⬜ Not Started | See Section 5 |
| **Establish document storage** | ⬜ Not Started | Secure storage for bylaws, minutes |
| **Create incident response plan** | ⬜ Not Started | Brief document |
| **Set up basic accounting** | ⬜ Not Started | Spreadsheet initially acceptable |
| **Establish board meeting schedule** | ⬜ Not Started | Quarterly minimum |

---

== 3. Important Tasks (SHOULD Complete Before Launch) ==

These tasks are strongly recommended before launch.

=== 3.1 Governance & Policy ===

| Task | Status | Priority |
|------|--------|----------|
| **Appoint DPO (if serving EU users from day 1)** | ⬜ Not Started | HIGH - Can be yourself |
| **Create Terms of Service** | ⬜ Not Started | HIGH - Adapt templates |
| **Create basic Security Policy** | ⬜ Not Started | MEDIUM |
| **Create simple CLA** | ⬜ Not Started | HIGH - Adapt existing |
| **Document internal escalation** | ⬜ Not Started | LOW |

=== 3.2 Technical & Operational ===

| Task | Status | Priority |
|------|--------|----------|
| **Set up vulnerability disclosure** | ⬜ Not Started | HIGH |
| **Implement 2FA** | ⬜ Not Started | MEDIUM |
| **Create user documentation** | ⬜ Not Started | HIGH |
| **Set up monitoring** | ⬜ Not Started | HIGH |
| **Set up backup systems** | ⬜ Not Started | HIGH |

=== 3.3 Licensing & Open Source ===

| Task | Status | Priority |
|------|--------|----------|
| **Decide: Code licensing model** | ⬜ Not Started | HIGH - MIT vs MIT+AGPL |
| **Create LICENSE files** | ⬜ Not Started | HIGH |
| **Set up code repository** | ⬜ Not Started | HIGH |
| **Create CONTRIBUTING.md** | ⬜ Not Started | MEDIUM |

---

== 4. Recommended Tasks (Can Be Post-Launch) ==

These can wait until after launch or until team grows.

| Task | Priority | Notes |
|------|----------|-------|
| **Trademark registration** | MEDIUM | When budget allows |
| **Penetration testing** | MEDIUM | When feasible |
| **Transparency Committee** | LOW | When team grows |
| **Independent audit** | LOW | When required by revenue threshold |

---

== 5. Required Infrastructure ==

=== 5.1 Contact Infrastructure ===

**Minimum Required:**

At minimum, you need contact methods for:
* General inquiries
* Privacy/data requests (FADP/GDPR requirement)
* Security/abuse reports
* Board/governance

**Options:**

**Option A: Single Contact Point**
* One email or contact form
* Routes internally as needed
* State response times clearly

**Option B: Functional Separation**
* Few key addresses for different purposes
* Still manageable by one person

**Recommendation:** Wait to set up infrastructure until you have domain and email hosting.

=== 5.2 Documentation to Prepare ===

**Must Exist Before Launch:**
* Processing activities register (internal)
* Initial DPIA for AKEL (internal)
* Breach response procedure
* Privacy Policy (done, set effective date)
* Transparency Policy (done, set effective date)

**Should Exist:**
* Terms of Service
* Simple security policy
* CLA

**Can Wait:**
* Detailed security documentation
* Complex governance processes

=== 5.3 Tools and Services ===

**Hosting:**
* Swiss providers (Hetzner, Infomaniak) or other reliable hosting
* Start small, scale up

**Email/Contact:**
* Swiss privacy-focused providers (ProtonMail, Tutanota)
* Free tiers available initially

**Development:**
* GitHub or GitLab (free for public repos)

**Monitoring:**
* Free tier services available (UptimeRobot, etc.)

**Documentation:**
* GitHub Wiki, GitBook, or XWiki

---

== 6. Decision Points ==

Strategic decisions needed before implementation:

=== 6.1 Critical Decisions ===

| Decision | Options | Consideration |
|----------|---------|---------------|
| **Serve EU users day 1?** | Yes/No/Later | Affects DPO requirement |
| **Code licensing** | MIT / MIT+AGPL | Simpler vs. stronger copyleft |
| **Hosting location** | CH/EU/US | Swiss aligns with mission |
| **AI model** | Open/API | Infrastructure vs. simplicity |

=== 6.2 Organizational Decisions ===

| Decision | Options |
|----------|---------|
| **Board size** | Two minimum, can expand later |
| **Board meetings** | Quarterly minimum |
| **DPO** | Only if/when needed |
| **Commercial Register** | Optional for non-profit |

---

== 7. Launch Blockers - Go/No-Go Checklist ==

**Cannot launch until ALL are complete:**

**Legal:**
- [ ] Verein bylaws adopted
- [ ] Board appointed (two members minimum)
- [ ] Swiss representative designated
- [ ] Privacy Policy effective date set
- [ ] Processing activities register created
- [ ] Initial DPIA completed

**Technical:**
- [ ] HTTPS encryption implemented
- [ ] Cookie consent (opt-in) working
- [ ] Data export functionality working
- [ ] Account deletion working
- [ ] Breach notification procedure documented

**Operational:**
- [ ] Contact infrastructure established
- [ ] Security incident procedure documented
- [ ] Data retention automation configured
- [ ] Terms of Service created

---

== 8. Post-Launch Compliance ==

**Immediate Response Required:**
* Data subject requests (within required timeframe)
* Security breaches (immediate FDPIC notification if high risk)
* Abuse reports (timely)

**Quarterly:**
* Board meeting
* Review data retention
* Security check

**Twice Yearly:**
* Publish transparency report
* Review policies

**Annually:**
* Publish financial statements
* Annual policy review
* Privacy audit
* External audit (if above revenue threshold)

---

== 9. As Team Grows ==

**Initial (Solo):**
* One person handles all functions
* Document everything
* Use templates and tools

**Early Growth (First Helpers):**
* Distribute technical vs. governance tasks
* Cross-training important
* Keep communication clear

**Established Team:**
* Specialized roles emerge naturally
* Formal responsibility assignments
* More sophisticated processes

**Key:** Start simple, scale processes as team and complexity grow.

---

== 10. Budget Considerations ==

**Pre-Launch:**
* Legal advisor (essential)
* Minimal infrastructure
* Free tools where possible

**Ongoing:**
* Hosting (start small)
* Email/contact infrastructure
* Legal support as needed
* Scale as revenue permits

**Later:**
* Security assessments
* Trademark registration
* Professional audits
* Better tooling

**Philosophy:** Start lean, invest as you validate product-market fit.

---

== 11. Risk Management ==

**Key Risks:**
* Legal delays
* Technical complexity
* Time management (solo)
* Volunteer coordination
* Burnout

**Mitigation:**
* Start legal work early
* Build MVP, iterate
* Realistic scope
* Good documentation
* Don't overcommit

---

== 12. Success Criteria ==

**Ready to launch when:**

* All launch blockers complete
* Legal advisor approves policies
* Board formally approves launch
* Contact infrastructure works
* Core functions operational
* Capacity to handle support exists

**Remember:** Launch with working MVP, not perfect system.

---

== 13. Timeline Considerations ==

**Factors:**
* Legal processes take time
* Technical implementation scope
* Part-time vs. full-time work
* Availability of help
* Budget constraints

**Approach:**
* Start critical path items early
* Build in buffer time
* Be realistic about capacity
* Iterate after launch

---

== 14. Final Notes ==

**Don't Let Perfect Be the Enemy of Good:**

You don't need:
* Complex infrastructure
* Large team
* Expensive tools

You do need:
* Legal compliance
* Working functionality
* Clear communication

**You can launch with:**
* Yourself initially
* Basic infrastructure
* MVP implementation
* Free/low-cost tools
* Volunteers for help

**Focus on:**
* Legal requirements (non-negotiable)
* Core functionality (working > perfect)
* Good documentation (for future team)
* Clear communication (honest about solo start)

**Scale when:**
* You have users
* You have validation
* Team grows naturally
* Revenue supports it

---

== 15. Version History ==

* **V0.9.30** (2025-12-17): Adapted for small organization reality

---

== 16. Related Documents ==

* [[Privacy Policy>>FactHarbor.Organisation.Privacy-Policy]]
* [[Transparency Policy>>FactHarbor.Organisation.Transparency-Policy]]
* [[Open Source Model and Licensing>>FactHarbor.Organisation.Open Source Model and Licensing]]
* [[Finance & Compliance>>FactHarbor.Organisation.Finance-Compliance]]
* [[Governance>>FactHarbor.Organisation.Governance.WebHome]]

---

**Last Updated:** December 17, 2025
**Status:** Adapted for solo start with team growth expected