Last modified by Robert Schaub on 2025/12/22 14:32

= Operational Readiness Checklist =
== 1. Purpose and Scope ==
This checklist documents prerequisite tasks that must be completed before FactHarbor can launch to the public.
**Organization Reality:** Starting as a solo project with team growth expected within the first year.
**Status as of:** December 17, 2025
**Target Launch Date:** [To be determined]
**Important:** Initially, one person handles multiple functions. This is normal and legal. As the team grows, responsibilities can be distributed.
== 2. Critical Tasks (MUST Complete Before Launch) ==
These tasks are mandatory for legal compliance and core functionality.
=== 2.1 Legal & Compliance ===
| Task | Status | Notes |
|------|--------|-------|
| **Engage Swiss legal advisor for policy review** | ⬜ Not Started | Review all policies, bylaws |
| **Draft and adopt Verein bylaws (statutes)** | ⬜ Not Started | Required for legal existence |
| **Appoint founding board (minimum two members)** | ⬜ Not Started | Can include yourself |
| **Apply for Swiss tax-exempt status** | ⬜ Not Started | Cantonal tax authority |
| **Designate Swiss representative** | ⬜ Not Started | Can be yourself with Swiss address |
| **Create processing activities register** | ⬜ Not Started | Internal document |
| **Conduct initial DPIA for AKEL system** | ⬜ Not Started | Can use templates |
| **Set effective dates for policies** | ⬜ Not Started | Privacy & Transparency |
=== 2.2 Technical Implementation ===
| Task | Status | Notes |
|------|--------|-------|
| **Implement opt-in cookie consent banner** | ⬜ Not Started | Open source libraries available |
| **Build user data export functionality** | ⬜ Not Started | JSON/CSV export |
| **Build account deletion functionality** | ⬜ Not Started | With grace period |
| **Implement data retention automation** | ⬜ Not Started | Automated cleanup |
| **Set up breach notification procedures** | ⬜ Not Started | Document + FDPIC contact |
| **Implement TLS/HTTPS encryption** | ⬜ Not Started | Let's Encrypt or similar |
| **Set up security logging** | ⬜ Not Started | One year retention |
=== 2.3 Organizational Infrastructure ===
| Task | Status | Notes |
|------|--------|-------|
| **Set up contact infrastructure** | ⬜ Not Started | See Section 5 |
| **Establish document storage** | ⬜ Not Started | Secure storage for bylaws, minutes |
| **Create incident response plan** | ⬜ Not Started | Brief document |
| **Set up basic accounting** | ⬜ Not Started | Spreadsheet initially acceptable |
| **Establish board meeting schedule** | ⬜ Not Started | Quarterly minimum |
== 3. Important Tasks (SHOULD Complete Before Launch) ==
These tasks are strongly recommended before launch.
=== 3.1 Governance & Policy ===
| Task | Status | Priority |
|------|--------|----------|
| **Appoint DPO (if serving EU users from day 1)** | ⬜ Not Started | HIGH - Can be yourself |
| **Create Terms of Service** | ⬜ Not Started | HIGH - Adapt templates |
| **Create basic Security Policy** | ⬜ Not Started | MEDIUM |
| **Create simple CLA** | ⬜ Not Started | HIGH - Adapt existing |
| **Document internal escalation** | ⬜ Not Started | LOW |
=== 3.2 Technical & Operational ===
| Task | Status | Priority |
|------|--------|----------|
| **Set up vulnerability disclosure** | ⬜ Not Started | HIGH |
| **Implement 2FA** | ⬜ Not Started | MEDIUM |
| **Create user documentation** | ⬜ Not Started | HIGH |
| **Set up monitoring** | ⬜ Not Started | HIGH |
| **Set up backup systems** | ⬜ Not Started | HIGH |
=== 3.3 Licensing & Open Source ===
| Task | Status | Priority |
|------|--------|----------|
| **Decide: Code licensing model** | ⬜ Not Started | HIGH - MIT vs MIT+AGPL |
| **Create LICENSE files** | ⬜ Not Started | HIGH |
| **Set up code repository** | ⬜ Not Started | HIGH |
| **Create CONTRIBUTING.md** | ⬜ Not Started | MEDIUM |
== 4. Recommended Tasks (Can Be Post-Launch) ==
These can wait until after launch or until team grows.
| Task | Priority | Notes |
|------|----------|-------|
| **Trademark registration** | MEDIUM | When budget allows |
| **Penetration testing** | MEDIUM | When feasible |
| **Transparency Committee** | LOW | When team grows |
| **Independent audit** | LOW | When required by revenue threshold |
== 5. Required Infrastructure ==
=== 5.1 Contact Infrastructure ===
**Minimum Required:**
At minimum, you need contact methods for:
* General inquiries
* Privacy/data requests (FADP/GDPR requirement)
* Security/abuse reports
* Governing Team/governance
**Options:**
**Option A: Single Contact Point**
* One email or contact form
* Routes internally as needed
* State response times clearly
**Option B: Functional Separation**
* Few key addresses for different purposes
* Still manageable by one person
**Recommendation:** Wait to set up infrastructure until you have domain and email hosting.
=== 5.2 Documentation to Prepare ===
**Must Exist Before Launch:**
* Processing activities register (internal)
* Initial DPIA for AKEL (internal)
* Breach response procedure
* Privacy Policy (done, set effective date)
* Transparency Policy (done, set effective date)
**Should Exist:**
* Terms of Service
* Simple security policy
* CLA
**Can Wait:**
* Detailed security documentation
* Complex governance processes
=== 5.3 Tools and Services ===
**Hosting:**
* Swiss providers (Hetzner, Infomaniak) or other reliable hosting
* Start small, scale up
**Email/Contact:**
* Swiss privacy-focused providers (ProtonMail, Tutanota)
* Free tiers available initially
**Development:**
* GitHub or GitLab (free for public repos)
**Monitoring:**
* Free tier services available (UptimeRobot, etc.)
**Documentation:**
* GitHub Wiki, GitBook, or XWiki
== 6. Decision Points ==
Strategic decisions needed before implementation:
=== 6.1 Critical Decisions ===
| Decision | Options | Consideration |
|----------|---------|---------------|
| **Serve EU users day 1?** | Yes/No/Later | Affects DPO requirement |
| **Code licensing** | MIT / MIT+AGPL | Simpler vs. stronger copyleft |
| **Hosting location** | CH/EU/US | Swiss aligns with mission |
| **AI model** | Open/API | Infrastructure vs. simplicity |
=== 6.2 Organizational Decisions ===
| Decision | Options |
|----------|---------|
| **Governing Team size** | Two minimum, can expand later |
| **Governing Team meetings** | Quarterly minimum |
| **DPO** | Only if/when needed |
| **Commercial Register** | Optional for non-profit |
== 7. Launch Blockers - Go/No-Go Checklist ==
**Cannot launch until ALL are complete:**
**Legal:**
- [ ] Verein bylaws adopted
- [ ] Governing Team appointed (two members minimum)
- [ ] Swiss representative designated
- [ ] Privacy Policy effective date set
- [ ] Processing activities register created
- [ ] Initial DPIA completed
**Technical:**
- [ ] HTTPS encryption implemented
- [ ] Cookie consent (opt-in) working
- [ ] Data export functionality working
- [ ] Account deletion working
- [ ] Breach notification procedure documented
**Operational:**
- [ ] Contact infrastructure established
- [ ] Security incident procedure documented
- [ ] Data retention automation configured
- [ ] Terms of Service created
== 8. Post-Launch Compliance ==
**Immediate Response Required:**
* Data subject requests (within required timeframe)
* Security breaches (immediate FDPIC notification if high risk)
* Abuse reports (timely)
**Quarterly:**
* Governing Team meeting
* Review data retention
* Security check
**Twice Yearly:**
* Publish transparency report
* Review policies
**Annually:**
* Publish financial statements
* Annual policy review
* Privacy audit
* External audit (if above revenue threshold)
== 9. As Team Grows ==
**Initial (Solo):**
* One person handles all functions
* Document everything
* Use templates and tools
**Early Growth (First Helpers):**
* Distribute technical vs. governance tasks
* Cross-training important
* Keep communication clear
**Established Team:**
* Specialized roles emerge naturally
* Formal responsibility assignments
* More sophisticated processes
**Key:** Start simple, scale processes as team and complexity grow.
== 10. Budget Considerations ==
**Pre-Launch:**
* Legal advisor (essential)
* Minimal infrastructure
* Free tools where possible
**Ongoing:**
* Hosting (start small)
* Email/contact infrastructure
* Legal support as needed
* Scale as revenue permits
**Later:**
* Security assessments
* Trademark registration
* Professional audits
* Better tooling
**Philosophy:** Start lean, invest as you validate product-market fit.
== 11. Risk Management ==
**Key Risks:**
* Legal delays
* Technical complexity
* Time management (solo)
* Volunteer coordination
* Burnout
**Mitigation:**
* Start legal work early
* Build MVP, iterate
* Realistic scope
* Good documentation
* Don't overcommit
== 12. Success Criteria ==
**Ready to launch when:**
* All launch blockers complete
* Legal advisor approves policies
* Governing Team formally approves launch
* Contact infrastructure works
* Core functions operational
* Capacity to handle support exists
**Remember:** Launch with working MVP, not perfect system.
== 13. Timeline Considerations ==
**Factors:**
* Legal processes take time
* Technical implementation scope
* Part-time vs. full-time work
* Availability of help
* Budget constraints
**Approach:**
* Start critical path items early
* Build in buffer time
* Be realistic about capacity
* Iterate after launch
== 14. Final Notes ==
**Don't Let Perfect Be the Enemy of Good:**
You don't need:
* Complex infrastructure
* Large team
* Expensive tools
You do need:
* Legal compliance
* Working functionality
* Clear communication
**You can launch with:**
* Yourself initially
* Basic infrastructure
* MVP implementation
* Free/low-cost tools
* Volunteers for help
**Focus on:**
* Legal requirements (non-negotiable)
* Core functionality (working > perfect)
* Good documentation (for future team)
* Clear communication (honest about solo start)
**Scale when:**
* You have users
* You have validation
* Team grows naturally
* Revenue supports it
== 15. Version History ==
* **V0.9.30** (2025-12-17): Adapted for small organization reality
== 16. Related Documents ==
* [[Privacy Policy>>FactHarbor.Organisation.How-We-Work-Together.Privacy-Policy]]
* [[Transparency Policy>>FactHarbor.Organisation.How-We-Work-Together.Transparency-Policy]]
* [[Open Source Model and Licensing>>FactHarbor.Organisation.Open Source Model and Licensing]]
* [[Finance & Compliance>>FactHarbor.Organisation.Finance-Compliance]]
* [[Governance>>FactHarbor.Organisation.Governance.WebHome]]
**Last Updated:** December 17, 2025
**Status:** Adapted for solo start with team growth expected