Last modified by Robert Schaub on 2026/02/08 08:30

= Operational Readiness Checklist =

== 1. Purpose and Scope ==

This checklist documents prerequisite tasks that must be completed before FactHarbor can launch to the public.
**Organization Reality:** Starting as a solo project with team growth expected within the first year.
**Status as of:** December 17, 2025
**Target Launch Date:** [To be determined]
**Important:** Initially, one person handles multiple functions. This is normal and legal. As the team grows, responsibilities can be distributed.

== 2. Critical Tasks (MUST Complete Before Launch) ==

These tasks are mandatory for legal compliance and core functionality.

=== 2.1 Legal & Compliance ===

| Task | Status | Notes |
|----|----|----|
| **Engage Swiss legal advisor for policy review** | ⬜ Not Started | Review all policies, bylaws |
| **Draft and adopt Verein bylaws (statutes)** | ⬜ Not Started | Required for legal existence |
| **Appoint founding board (minimum two members)** | ⬜ Not Started | Can include yourself |
| **Apply for Swiss tax-exempt status** | ⬜ Not Started | Cantonal tax authority |
| **Designate Swiss representative** | ⬜ Not Started | Can be yourself with Swiss address |
| **Create processing activities register** | ⬜ Not Started | Internal document |
| **Conduct initial DPIA for AKEL system** | ⬜ Not Started | Can use templates |
| **Set effective dates for policies** | ⬜ Not Started | Privacy & Transparency |

=== 2.2 Technical Implementation ===

| Task | Status | Notes |
|----|----|----|
| **Implement opt-in cookie consent banner** | ⬜ Not Started | Open source libraries available |
| **Build user data export functionality** | ⬜ Not Started | JSON/CSV export |
| **Build account deletion functionality** | ⬜ Not Started | With grace period |
| **Implement data retention automation** | ⬜ Not Started | Automated cleanup |
| **Set up breach notification procedures** | ⬜ Not Started | Document + FDPIC contact |
| **Implement TLS/HTTPS encryption** | ⬜ Not Started | Let's Encrypt or similar |
| **Set up security logging** | ⬜ Not Started | One year retention |

=== 2.3 Organizational Infrastructure ===

| Task | Status | Notes |
|----|----|----|
| **Set up contact infrastructure** | ⬜ Not Started | See Section 5 |
| **Establish document storage** | ⬜ Not Started | Secure storage for bylaws, minutes |
| **Create incident response plan** | ⬜ Not Started | Brief document |
| **Set up basic accounting** | ⬜ Not Started | Spreadsheet initially acceptable |
| **Establish board meeting schedule** | ⬜ Not Started | Quarterly minimum |

== 3. Important Tasks (SHOULD Complete Before Launch) ==

These tasks are strongly recommended before launch.

=== 3.1 Governance & Policy ===

| Task | Status | Priority |
|----|----|----|
| **Appoint DPO (if serving EU users from day 1)** | ⬜ Not Started | HIGH - Can be yourself |
| **Create Terms of Service** | ⬜ Not Started | HIGH - Adapt templates |
| **Create basic Security Policy** | ⬜ Not Started | MEDIUM |
| **Create simple CLA** | ⬜ Not Started | HIGH - Adapt existing |
| **Document internal escalation** | ⬜ Not Started | LOW |

=== 3.2 Technical & Operational ===

| Task | Status | Priority |
|----|----|----|
| **Set up vulnerability disclosure** | ⬜ Not Started | HIGH |
| **Implement 2FA** | ⬜ Not Started | MEDIUM |
| **Create user documentation** | ⬜ Not Started | HIGH |
| **Set up monitoring** | ⬜ Not Started | HIGH |
| **Set up backup systems** | ⬜ Not Started | HIGH |

=== 3.3 Licensing & Open Source ===

| Task | Status | Priority |
|----|----|----|
| **Decide: Code licensing model** | ⬜ Not Started | HIGH - MIT vs MIT+AGPL |
| **Create LICENSE files** | ⬜ Not Started | HIGH |
| **Set up code repository** | ⬜ Not Started | HIGH |
| **Create CONTRIBUTING.md** | ⬜ Not Started | MEDIUM |

== 4. Recommended Tasks (Can Be Post-Launch) ==

These can wait until after launch or until team grows.

| Task | Priority | Notes |
|----|----|----|
| **Trademark registration** | MEDIUM | When budget allows |
| **Penetration testing** | MEDIUM | When feasible |
| **Transparency Committee** | LOW | When team grows |
| **Independent audit** | LOW | When required by revenue threshold |

== 5. Required Infrastructure ==

=== 5.1 Contact Infrastructure ===

**Minimum Required:**
At minimum, you need contact methods for:

* General inquiries
* Privacy/data requests (FADP/GDPR requirement)
* Security/abuse reports
* Governing Team/governance

**Options:**

**Option A: Single Contact Point**

* One email or contact form
* Routes internally as needed
* State response times clearly

**Option B: Functional Separation**

* Few key addresses for different purposes
* Still manageable by one person

**Recommendation:** Wait to set up infrastructure until you have domain and email hosting.

=== 5.2 Documentation to Prepare ===

**Must Exist Before Launch:**

* Processing activities register (internal)
* Initial DPIA for AKEL (internal)
* Breach response procedure
* Privacy Policy (done, set effective date)
* Transparency Policy (done, set effective date)

**Should Exist:**

* Terms of Service
* Simple security policy
* CLA

**Can Wait:**

* Detailed security documentation
* Complex governance processes

=== 5.3 Tools and Services ===

**Hosting:**

* Swiss providers (Hetzner, Infomaniak) or other reliable hosting
* Start small, scale up

**Email/Contact:**

* Swiss privacy-focused providers (ProtonMail, Tutanota)
* Free tiers available initially

**Development:**

* GitHub or GitLab (free for public repos)

**Monitoring:**

* Free tier services available (UptimeRobot, etc.)

**Documentation:**

* GitHub Wiki, GitBook, or XWiki

== 6. Decision Points ==

Strategic decisions needed before implementation:

=== 6.1 Critical Decisions ===

| Decision | Options | Consideration |
|----|----|----|
| **Serve EU users day 1?** | Yes/No/Later | Affects DPO requirement |
| **Code licensing** | MIT / MIT+AGPL | Simpler vs. stronger copyleft |
| **Hosting location** | CH/EU/US | Swiss aligns with mission |
| **AI model** | Open/API | Infrastructure vs. simplicity |

=== 6.2 Organizational Decisions ===

| Decision | Options |
|----|----|
| **Governing Team size** | Two minimum, can expand later |
| **Governing Team meetings** | Quarterly minimum |
| **DPO** | Only if/when needed |
| **Commercial Register** | Optional for non-profit |

== 7. Launch Blockers - Go/No-Go Checklist ==

**Cannot launch until ALL are complete:**

**Legal:**

- [ ] Verein bylaws adopted
- [ ] Governing Team appointed (two members minimum)
- [ ] Swiss representative designated
- [ ] Privacy Policy effective date set
- [ ] Processing activities register created
- [ ] Initial DPIA completed

**Technical:**

- [ ] HTTPS encryption implemented
- [ ] Cookie consent (opt-in) working
- [ ] Data export functionality working
- [ ] Account deletion working
- [ ] Breach notification procedure documented

**Operational:**

- [ ] Contact infrastructure established
- [ ] Security incident procedure documented
- [ ] Data retention automation configured
- [ ] Terms of Service created

== 8. Post-Launch Compliance ==

**Immediate Response Required:**

* Data subject requests (within required timeframe)
* Security breaches (immediate FDPIC notification if high risk)
* Abuse reports (timely)

**Quarterly:**

* Governing Team meeting
* Review data retention
* Security check

**Twice Yearly:**

* Publish transparency report
* Review policies

**Annually:**

* Publish financial statements
* Annual policy review
* Privacy audit
* External audit (if above revenue threshold)

== 9. As Team Grows ==

**Initial (Solo):**

* One person handles all functions
* Document everything
* Use templates and tools

**Early Growth (First Helpers):**

* Distribute technical vs. governance tasks
* Cross-training important
* Keep communication clear

**Established Team:**

* Specialized roles emerge naturally
* Formal responsibility assignments
* More sophisticated processes

**Key:** Start simple, scale processes as team and complexity grow.

== 10. Budget Considerations ==

**Pre-Launch:**

* Legal advisor (essential)
* Minimal infrastructure
* Free tools where possible

**Ongoing:**

* Hosting (start small)
* Email/contact infrastructure
* Legal support as needed
* Scale as revenue permits

**Later:**

* Security assessments
* Trademark registration
* Professional audits
* Better tooling

**Philosophy:** Start lean, invest as you validate product-market fit.

== 11. Risk Management ==

**Key Risks:**

* Legal delays
* Technical complexity
* Time management (solo)
* Volunteer coordination
* Burnout

**Mitigation:**

* Start legal work early
* Build MVP, iterate
* Realistic scope
* Good documentation
* Don't overcommit

== 12. Success Criteria ==

**Ready to launch when:**

* All launch blockers complete
* Legal advisor approves policies
* Governing Team formally approves launch
* Contact infrastructure works
* Core functions operational
* Capacity to handle support exists

**Remember:** Launch with working MVP, not perfect system.

== 13. Timeline Considerations ==

**Factors:**

* Legal processes take time
* Technical implementation scope
* Part-time vs. full-time work
* Availability of help
* Budget constraints

**Approach:**

* Start critical path items early
* Build in buffer time
* Be realistic about capacity
* Iterate after launch

== 14. Final Notes ==

**Don't Let Perfect Be the Enemy of Good:**
You don't need:

* Complex infrastructure
* Large team
* Expensive tools

You do need:

* Legal compliance
* Working functionality
* Clear communication

**You can launch with:**

* Yourself initially
* Basic infrastructure
* MVP implementation
* Free/low-cost tools
* Volunteers for help

**Focus on:**

* Legal requirements (non-negotiable)
* Core functionality (working > perfect)
* Good documentation (for future team)
* Clear communication (honest about solo start)

**Scale when:**

* You have users
* You have validation
* Team grows naturally
* Revenue supports it

== 15. Version History ==

* **V0.9.30** (2025-12-17): Adapted for small organization reality

== 16. Related Documents ==

* [[Privacy Policy>>FactHarbor.Organisation.How-We-Work-Together.Privacy-Policy]]
* [[Transparency Policy>>FactHarbor.Organisation.How-We-Work-Together.Transparency-Policy]]
* [[Open Source Model and Licensing>>FactHarbor.Organisation.Open Source Model and Licensing]]
* [[Finance & Compliance>>FactHarbor.Organisation.Finance-Compliance]]
* [[Governance>>Archive.FactHarbor 2026\.02\.08.Organisation.Governance.WebHome]]

**Last Updated:** December 17, 2025
**Status:** Adapted for solo start with team growth expected