Congratulations! Your company is still alive and kicking. You’ve launched, acquired some customers, set up scalable processes and raised some money. You’re probably feeling like the best CTO ever. It’s as if nothing can stand in your way… That is until you truly begin scaling your operations.

“Risk comes from not knowing what you’re doing.” — Warren Buffett

As your business grows in size and complexity, you need to take a deeper look at your operations. What is stopping you from moving forward? What will get you to your next inflexion point (e.g. from 1k to 100k customers)?

From experience, the following areas need to be addressed:

• Decision-Making (delegation)

• Information Systems (internal software tools)

• Security and Data Protection

• Business Continuity

• Policies, Procedures and Governance

• Budget Allocation

• Team Culture (This deserves its own section in Lesson #7)

Unfortunately, not all CTOs get this far because most engineers prefer the building and launching part. Very few enjoy doing the less hands-on stuff “administrative stuff”. If you’ve gotten this far, you’ve probably realised that you are the bottleneck to most things in the tech team and the only one who can fix them.

Decision-Making (How do you un-bottleneck yourself?)

If you’ve followed the advice in Lesson #5, you’ll have good documentation, clear roles and software development functions. This will allow other team members to grow into their roles and take some of the technical, day-to-day tasks away from you. The next step is to build more communication and planning structures. This will ensure that everyone knows what they should be doing as you establish more layers within your team.

Information Systems (Where is all your data?)

When you started the company, there were only a few people. You all knew what you were doing and people just signed up for whatever software they needed to get the job done. If that’s the case, then you probably have company data all over the place. As the CTO, it’s your job to know where your data is, how much it costs to store, how it’s maintained and who owns it.

“As the CTO, it’s your job to know where your data is, how much it costs to store, how it’s maintained and who owns it.”

You need to review your internal tech landscape and decide whether what you have today is right for your future growth. The product you built is easy enough to manage but the internal mess of disparate, disconnected and decentralised systems (owned by different departments) is really going to hurt later down the line…

You don’t need to own all the systems, but you will need to maintain them. For example, customer-facing websites can be owned by the marketing team but they will want your help when things go wrong. You’ll need to know which host provider they are using, who has admin access rights and whether they have suitable security controls in place.

Security and Data Protection (How do we protect ourselves?)

Security permeates all areas of your organisation from your customer-facing product to your email service. If you don’t take security seriously, you’re not serious about your business. All it takes is one data breach or cyber attack to bring down your entire operation or worse, your company.

“If you don’t take security seriously, you’re not serious about your business.”

Make sure you have the basics in place including; multi-factor authentication, access controls, auto-updates, device management and data loss prevention. As in life, the greatest risk is doing nothing.

Business Continuity (How do you reduce unwanted downtime?)

Once things are running smoothly, you want them to continue doing so. To protect the business against downtime, you need to implement a business continuity and disaster recovery program. This may seem like an unnecessary complexity, however, you don’t want to lose any of your precious paying customers or development progress.

“If you don’t know about it, you can’t protect it and you definitely can’t plan around it.”

In the early days, you could quickly and easily redeploy code and avoid the hassle. This cowboy approach doesn’t work when your systems become more complex and the business begins setting SLAs for uptimes, time to recovery and data integrity (i.e. backups). If you don’t know about it, you can’t protect it and you definitely can’t plan around it.

Policies, Procedures and Governance (How do we maintain quality?)

Another feature of becoming an adult-sized business is the paperwork. You’ll have to write policies, procedures and governance functions around security, on-boarding and off-boarding of employees, BYOD and more. All of the really boring yet super important things. This is where a lot of CTOs give up and go home. This kind of documentation is not for everyone but there are many resources that can help you (if you want it).

If you don’t have these policies in place, it makes people and quality management much more difficult. As your company grows, people are going to ask questions. You want to point them to an internal document that provides a clear, standardised answer to each question. Additionally, this helps you comply with GDPR and industry-specific organisations such as the FCA.

Budget Allocation (How should you allocate capital?)

Budgets are never perfect. Sometimes you forget to put something in or underestimate a line item. It happens and, over time, you’ll get better at predicting your costs. However, you need to be cognizant of the ROI for the business (see Lesson #4). For example, if your annual turnover is $2 million and you ask for a $1 million tech budget, you need to show how this figure will drive growth. Set clear objectives with your budget — $X million will achieve a Y% increase in revenue or a Z% reduction in costs.

Recommended Reading: High Growth Handbook (Elad Gil) + Good to Great (Jim Collins)

Take me back to the Startup CTO Handbook >

Go to Lesson #7 - Nurture your team culture

This guide originally appeared on Medium, you can find the original here.