Whenever a new IT venture is stared, project managers normally analyze the feasibility of the project from several parameters.
For example we look at the market Feasibility to understand whether there is adequate demand for the product and what are the current supply positions and the identified gaps. For greater clarity the market feasibility may identify the product positioning, market segmentation and the impact of price on demand etc.
Similarly we look at the technical feasibility of the project identifying the technology requirements and whether the technical resources are available for meeting the product as demanded in the market at the quality required and at the price accepted.
Additionally we look at the managerial feasibility of what kind of managerial resources are required and are available to the company either in house or in the market and at what price etc.
Financiers including venture capitalists look at the financial feasibility and examine the cost of project and the means of finance with variables such as the debt equity combination, the break even point etc.
Normally a Tech Start-Up represents the dream of a Techie who is perhaps a brilliant software developer. But often he is not necessarily equally brilliant in Marketing, Finance or Man Management. Successful Start Ups often consist of a promoter mix where one or more is a Marketing or Financial expert. Since manpower requirements primarily are other software professionals, the promoters may be able to pool the talent for their production division from their past contacts or through friends.
In the midst of all these, Tech Start Up promoters often lose sight of the fact that there is a need for a “Techno Legal Feasibility Analysis” of a project in addition to the four kinds of feasibility mentioned above. Often the success and failure of a Start Up depends on this factor which is actually alien to the tech savvy promoters as well as the finance wizards in the venture capital firms.
Let’s briefly understand what are “Techno Legal Risks”.
We do understand in the information security scenario what is meant by a “Threat” and “Vulnerability” or their net result which we call as “Risk”. In “Techno Legal Feasibility Study”, the analyst tries to make an assessment of the Legal Threats and Legal Vulnerabilities and arrives at the “Legal Risks” that a business project faces. It is a part of project planning requirement that the management should have a suitable control/s in place to mitigate, avoid, transfer or absorb these techno legal risks.
Such an analysis will prevent resources being deployed on a business which is likely to meet with a legal suit sooner or later which can destroy the earlier plans. A peculiar aspect of legal risks is that they mature when the business is ripe and is already a cash cow. The technical risks on the other hand often surface when the business is in the starting phase where there is still an opportunity to forget the impact and re start. But the legal risk which manifests when the business has already taken shape and built a base often cripples an organization forcing it to quit.
We can recall the experiences of Napster which was a great technical and marketing success but turned out to be a disaster because the legal risks were not covered fully. Radiant Software of Chennai is another example of a similar nature which had to sell out being unable to meet the legal liabilities arising out of a legal issue.
If an organization undertakes a Techno Legal Feasibility study at the start up phase, the implementation of strategies to mitigate the risks can seamlessly transform into strategies for meeting the “Information Security/Assurance” requirements when the business goes on stream. Otherwise the business will realize the need for Information Security much later in the life time of the organization when it becomes difficult and more expensive to implement a total transformation of the organization from a “Laissez Faire Organization” to an “Information Security Conscious” organization. Often such a transformation will create dissonance in the organization which may even force some critical resources to resign.
Every CISO who has told the company that they should introduce a “No Camera Phone in Premises” can understand the difficulty implementation of such a transformation represents. On the other hand if such a policy is there from the zero day, (or at least the day 1) then implementation of information security becomes easy.
It is high time Venture Capitalists and equity investors in Tech Start Ups make “Techno Legal Feasibility Study” a part of their “due-diligence” for project evaluation.
If you agree or disagree, drop in your comments..
PS: While the above article focuses on Start Ups, it also applies to all those organizations which have increased their technology stake in business such as introducing E-Services, E Commerce outlets, E Banking services etc to their legacy service base.