As a B2B SaaS startup we must complete time consuming security documents before some deals. Is it accepted practice to charge customers for the time?
It isn’t. It will clearly send the wrong message. That you don’t know what you are doing.
I know this takes so, so much time in the early stage. In the early-ish days, doing this will be supremely frustrating. The key is to get big enough so it’s part of someone’s job to just do this. And then … the questions all start to repeat. So it gets easier. Although, still, very time consuming. But once you are big enough — time consuming for someone on the team. Not you. Suck it up until then.
But. It’s totally OK to charge any customer asking for a SecOps audit 15-20% of the ACV in professional services fees overall.
Do that instead.