Who is Richard Ewing?

Richard Ewing is a Product Economist and AI Capital Auditor. He is the Founder of Exogram, a verification infrastructure for AI. He audits R&D spend and surfaces hidden capital risks like technical debt, AI cost overruns, and zombie infrastructure. He has scaled B2B SaaS from $0 to $25M ARR. Published in CIO.com, Built In, Mind the Product, and HackerNoon.

What is a Product Economist?

A Product Economist treats product decisions as economic decisions. Instead of measuring velocity or story points, a Product Economist measures Return on Invested Capital (ROIC), Cost of Goods Sold efficiency, and technical debt in dollar terms. The methodology was coined by Richard Ewing.

What is the Technical Insolvency Date?

The Technical Insolvency Date (TID) is the specific quarter where maintenance costs consume 100% of available engineering capacity, reducing feature velocity to zero. Calculate yours free at richardewing.io/tools/pdi.

Exogram is verification infrastructure for AI, founded by Richard Ewing. It prevents hallucination propagation with admissibility control planes and state-hashing commit enforcement. LLMs generate language; Exogram maintains reality.

How do I calculate technical debt cost?

Use the free Product Debt Index (PDI) calculator at richardewing.io/tools/pdi to quantify hidden technical debt in dollar terms, calculate your Technical Insolvency Date, and benchmark against industry standards.

How much does AI cost per query?

AI costs range from $0.0001/query for small models to $0.10+/query for frontier models like GPT-4. Use the free AI Unit Economics Benchmark (AUEB) at richardewing.io/tools/aueb to calculate your specific AI cost structure.

Glossary/SOC 2 Compliance

Security & Compliance

1 min read

What is SOC 2 Compliance?

TL;DR

SOC 2 is an auditing standard developed by the AICPA that verifies a service organization's controls for security, availability, processing integrity, confidentiality, and privacy.

SOC 2 is an auditing standard developed by the AICPA that verifies a service organization's controls for security, availability, processing integrity, confidentiality, and privacy. It's the most common security certification required by enterprise SaaS buyers.

SOC 2 Types: Type I (verifies that controls are designed properly at a point in time) and Type II (verifies that controls operate effectively over a period of time, typically 6-12 months). Type II is more rigorous and more valuable.

The five Trust Service Criteria: Security (protection against unauthorized access), Availability (system uptime and accessibility), Processing Integrity (accurate and timely data processing), Confidentiality (protection of sensitive information), and Privacy (proper handling of personal data).

SOC 2 audit cost: $20,000-100,000+ depending on company size and scope. Ongoing compliance costs include: tool licenses, process maintenance, and annual re-audits.

Why It Matters

SOC 2 is effectively required for any SaaS company selling to enterprise customers. Without SOC 2, you'll be excluded from procurement processes at most mid-market and enterprise companies.

Frequently Asked Questions

What is SOC 2?

An auditing standard that verifies a company controls for security, availability, confidentiality, processing integrity, and privacy. Required by most enterprise SaaS buyers.

How long does SOC 2 take?

Type I: 2-4 months to prepare, then audit. Type II: 6-12 month observation period after controls are in place. Most companies start with Type I, then upgrade to Type II.

Need Expert Help?

Richard Ewing is a Product Economist and AI Capital Auditor. He helps companies translate technical complexity into financial clarity.

Book Advisory Call →

Explore More

Why It Matters

Frequently Asked Questions

What is SOC 2?

How long does SOC 2 take?

Related Terms

Need Expert Help?

Explore More

Free Tools

Glossary

Frameworks