Solanasis Docs

Solanasis_Operational_Baseline_Questionnaire

27 min read

Solanasis — Operational Baseline Questionnaire (OBQ)

Purpose: Comprehensive discovery questionnaire to assess a client’s operational, security, and technology baseline. Designed to be asked verbally during discovery calls (recorded via Fathom or similar), then fed back into AI for analysis and proposal generation. Version: 1.0 Created: 2026-03-16 Owner: Dmitri Sunshine, CEO How to use:

  1. Make a copy of this file for each client (rename: OBQ_[ClientName]_[Date].md)
  2. Work through phases IN ORDER — if they can’t answer Phase 1, don’t bother with Phase 2+
  3. You don’t have to ask every question — pick the ones relevant to the conversation
  4. Record the call — your AI note-taker captures the answers, then you (or AI) fill in this form later
  5. After the call, feed the transcript + this questionnaire into AI for analysis and proposal drafting

Phase logic:

  • Phase 1 (Foundation): Every client. Takes 15-20 min. If they struggle here, they need basics first.
  • Phase 2 (Security & Resilience): Every client who passes Phase 1. Takes 15-20 min. This is your ORB wedge.
  • Phase 3 (Operations & Workflows): Clients who want operational help. Takes 15-20 min.
  • Phase 4 (Growth & Automation): Clients ready for AI, CRM, or scaling. Takes 10-15 min.
  • Phase 5 (Partnership & Strategic): Only for partnership/embedded conversations. Takes 10-15 min.

Companion docs:

Client Info (fill before or during call)

FieldAnswer
Company name
Contact name(s) + role(s)
Website
Industry / vertical
Team size (employees + contractors)
Annual revenue range
How they found us / referral source
Date of this call
Recorder running?[ ] Yes [ ] No

PHASE 1: Foundation — “Where Are You Today?”

Purpose: Understand the basics — who they are, what they use, and how they’re structured. If they can’t answer these questions clearly, that IS the finding. Time: 15-20 min When to use: EVERY discovery call. No exceptions. Gate to Phase 2: If they answer fewer than half of these, they need foundational work before anything else.

1.1 — Business & Team Structure

Q1. Give me the elevator pitch — what does your company do and who do you serve?

Answer:

Q2. How is your team structured? Who does what?

Why we ask: Reveals org chart gaps, unclear ownership, and where roles overlap or are missing entirely. Informs who we’d work with during an engagement.

Answer:

Q3. Who makes the final call on technology and operations decisions?

A) Founder/CEO B) COO or Ops lead C) IT person or MSP (Managed Service Provider — a company that manages your IT for you) D) It’s shared / unclear E) Other: ___

Select:

  • A
  • B
  • C
  • D
  • E

Notes:

Q4. Are you growing, stable, or in a transition right now?

Why we ask: Growth means we need to build for scale. Stable means optimization. Transition means migration and change management.

A) Growing — hiring, new clients, expanding B) Stable — maintaining current operations C) In transition — reorganizing, pivoting, merging, or cutting D) Launching something new alongside the existing business

Select:

  • A
  • B
  • C
  • D

Notes:

1.2 — Technology & Tools

Q5. What’s your primary workspace — where does your team live day to day?

A) Microsoft 365 (Outlook, Teams, SharePoint, OneDrive) B) Google Workspace (Gmail, Drive, Meet, Docs) C) Mix of both D) Something else: ___ E) Not really centralized — everyone uses different things

Select:

  • A
  • B
  • C
  • D
  • E

Notes:

Q6. Let’s map your full tool stack. What tools and software does your team use? Let’s go category by category.

Instructions: Go through each row. If they don’t have something, that’s a finding. Write “NONE” — don’t skip it.

CategoryTool(s) UsedWho Manages ItPaid or Free?
Email (Gmail, Outlook, etc.)
Calendar
File storage (Google Drive, Dropbox, SharePoint, Box)
Project management (ClickUp, Asana, Monday, Trello)
CRM / Sales tracking (HubSpot, Salesforce, Pipedrive, spreadsheet)
Communication (Slack, Teams, WhatsApp, email-only)
Video conferencing (Zoom, Meet, Teams)
Accounting / Finance (QuickBooks, Xero, FreshBooks)
Website (WordPress, Squarespace, Wix, custom)
Social media management
Email marketing (Mailchimp, ConvertKit, ActiveCampaign)
Payment processing (Stripe, Square, PayPal)
HR / Payroll (Gusto, Rippling, ADP, manual)
Document signing (DocuSign, HelloSign, Adobe Sign)
Password manager (see Q7)
Backup solution (see Phase 2)
Other tools

Q7. How does your team manage passwords?

Why we ask: This is one of the top 3 security indicators. If they say “everyone has their own system” or “we share them over Slack/text,” that’s a critical finding.

A) We use a business password manager (e.g., 1Password, Bitwarden, Dashlane, LastPass) — shared vaults for team, individual vaults for personal B) Everyone uses their own personal password manager C) We have a shared spreadsheet or document with passwords D) Passwords are shared via Slack, text, or email when needed E) Everyone manages their own — I don’t know how they handle it F) We reuse the same passwords across accounts G) Honestly, I’m not sure

Select:

  • A
  • B
  • C
  • D
  • E
  • F
  • G

Notes:

🔴 Critical finding if: C, D, E, F, or G

Q8. How do you handle user access when someone joins or leaves your company?

Why we ask: “Offboarding hygiene” is one of the biggest security risks for small businesses. If there’s no process, ex-employees may still have access to systems, email, and data.

A) We have a documented onboarding/offboarding checklist B) We do it manually but cover the basics (disable email, change shared passwords) C) The IT person or MSP handles it D) We don’t really have a formal process — we figure it out each time E) I’m not confident we revoke all access when someone leaves

Select:

  • A
  • B
  • C
  • D
  • E

Notes:

🔴 Critical finding if: D or E

Q9. How many separate logins/accounts does a typical team member have across all your tools?

Why we ask: More than 10 = tool sprawl. Less than 5 with no SSO (Single Sign-On — one login for everything) = possible shared accounts. This informs the consolidation conversation.

A) 1-5 B) 6-10 C) 11-20 D) 20+ E) No idea

Answer:

Notes:

Q10. Do you use Single Sign-On (SSO) — meaning one login that connects to all your apps?

What SSO means: Instead of separate usernames and passwords for every tool, you log in once (usually via Google or Microsoft) and it automatically signs you into everything.

A) Yes — everything goes through Google/Microsoft login B) Some apps use SSO, others have separate logins C) No — every app has its own login D) I don’t know what that is (that’s fine — this is a finding)

Select:

  • A
  • B
  • C
  • D

Notes:

1.3 — Communication & Documentation

Q11. How does your team primarily communicate?

Why we ask: Communication tool sprawl (messages split across Slack, text, WhatsApp, email, DMs) means things get lost. We need to know the real channels, not just the official ones.

A) One primary tool — everyone uses it (Slack, Teams, etc.) B) Mostly email C) Mix of tools — depends on the person and situation D) Honestly, it’s chaotic — messages are everywhere E) We rely heavily on in-person or phone calls

Select:

  • A
  • B
  • C
  • D
  • E

What tools specifically:

Q12. Do you have documented SOPs (Standard Operating Procedures) for your most important workflows?

What SOPs are: Step-by-step instructions for how to do a key task — so anyone on the team can do it consistently, even if the usual person is out.

A) Yes — we have a wiki, handbook, or docs for most key processes B) Some things are documented, most are not C) It’s mostly in people’s heads D) We’ve tried to document but it’s outdated E) No documentation at all

Select:

  • A
  • B
  • C
  • D
  • E

Where do they live (tool/location):

🟡 Yellow flag if: C, D, or E — high bus factor (Bus Factor = if ONE person left, would the knowledge leave with them?)

Q13. If your best employee left tomorrow, what knowledge would walk out the door with them?

Why we ask: This is the “bus factor” question. Reveals undocumented institutional knowledge and single points of failure.

Answer:

Q14. Do you record your meetings?

A) Yes — we use Fathom, Otter, Fireflies, or similar B) Sometimes / inconsistently C) No — we don’t record D) We take manual notes but don’t record

Select:

  • A
  • B
  • C
  • D

Tool used:

1.4 — Domain & Online Presence

Q15. Where is your domain name registered, and who has access to that account?

Why we ask: Your domain is one of your most critical assets. If you lose access to your domain registrar, you lose your website, email, and brand. Surprisingly common with small businesses.

A) I know exactly where it is and have access B) I think I know but haven’t logged in recently C) Someone else set it up — I’m not sure who has the credentials D) Our web developer/agency controls it E) I honestly don’t know

Registrar (GoDaddy, Namecheap, Cloudflare, Google, etc.):

Who has access:

🔴 Critical finding if: C, D, or E

Q16. Do you have a website? If yes, what platform and who maintains it?

A) Yes — we manage it internally B) Yes — an agency or freelancer manages it C) Yes — but nobody is really maintaining it D) We have one but it’s outdated E) No website

Platform (WordPress, Squarespace, Wix, custom, etc.):

Who has admin access:

Last time it was meaningfully updated:

Q17. Do you have a professional email address (@yourdomain.com) or are you using personal email for business?

A) Professional email for everyone (@company.com) B) Professional email for some, personal for others C) We all use personal email (Gmail, Yahoo, etc.)

Select:

  • A
  • B
  • C

Notes:

PHASE 2: Security & Resilience — “How Protected Are You?”

Purpose: Assess their security posture, backup/disaster recovery readiness, and compliance obligations. This is the ORB (Operational Resilience Baseline) qualification phase. Time: 15-20 min When to use: Every client who completed Phase 1. Even if they came in for CRM or automation, security is foundational. Gate to Phase 3: If they have critical findings here (red flags), security work should be Phase 1 of the proposal.

2.1 — Backup & Disaster Recovery

Q18. Do you have backups? And more importantly — has anyone actually TESTED restoring from them?

Why we ask: This is the #1 question in our practice. “Having backups” and “being able to restore” are two completely different things. Most small businesses have never tested a restore.

A) Yes — we have backups AND we’ve tested a restore in the last 90 days B) Yes — we have backups but haven’t tested a restore recently (or ever) C) I think we have backups, but I’m not sure what’s covered D) Our MSP or IT person handles it — I assume it’s working E) We don’t have a formal backup solution F) I don’t know

Select:

  • A
  • B
  • C
  • D
  • E
  • F

What backup tool/service:

What’s being backed up:

Last known restore test:

🔴 Critical finding if: anything other than A

Q19. If your primary system went down RIGHT NOW — how long until you’re fully operational?

What this measures: RTO = Recovery Time Objective — how fast you can get back up. If they say “I don’t know,” that IS the answer.

A) Minutes — we have failover/hot standby B) Hours — we could restore from backups within the day C) Days — it would take significant effort to recover D) Weeks — we’d be scrambling E) I honestly don’t know how long it would take

Select:

  • A
  • B
  • C
  • D
  • E

Notes:

Q20. If you lost all your data today — how much work would you lose?

What this measures: RPO = Recovery Point Objective — how much data is at risk between your last backup and right now.

A) Nothing — we sync/backup continuously or near-real-time B) A few hours of work C) A day or more D) Potentially a lot — I’m not sure when the last backup ran E) Everything — we don’t have backups for this

Select:

  • A
  • B
  • C
  • D
  • E

Notes:

Q21. What’s the one system that, if it went down, would stop your business cold?

Why we ask: Identifies their single point of failure. This is where we focus the ORB assessment first.

Answer:

Is this system backed up?

Is there a plan if it goes down?

2.2 — Identity & Access Security

Q22. Is Multi-Factor Authentication (MFA/2FA) enabled on your critical accounts?

What MFA/2FA is: After entering your password, you also need a second verification — usually a code from your phone, a push notification, or a physical security key. This stops 99.9% of password-based attacks.

A) Yes — enforced for everyone on all critical systems B) Yes — but only some people or some systems C) Some people use it by choice, but it’s not required D) No — we don’t use MFA E) I don’t know

Select:

  • A
  • B
  • C
  • D
  • E

Which systems have it:

Which don’t:

🔴 Critical finding if: C, D, or E

Q23. Who has admin/owner access to your most critical systems?

Why we ask: Too many admins = risk. Zero documented admins = bigger risk. We need to know who holds the keys.

A) It’s documented and we review it regularly B) A few people have admin, but it’s not formally documented C) Everyone who needs it has it — probably too many people D) I’m not sure who has admin access to what E) One person has all the admin access (single point of failure)

Select:

  • A
  • B
  • C
  • D
  • E

Notes:

Q24. Do you have any shared accounts — where multiple people use the same login?

Why we ask: Shared accounts eliminate accountability (who did what?) and make it impossible to revoke one person’s access without affecting everyone.

A) No — everyone has their own account for everything B) A few shared accounts for specific tools C) Yes — we share logins for several systems D) Some tools only allow one login so we have to share

Select:

  • A
  • B
  • C
  • D

Which accounts are shared:

Q25. Have you had any security incidents in the last 12 months? Even small ones.

Examples: Phishing email clicked, suspicious login, account compromised, data accidentally shared, ransomware attempt, website hacked, lost/stolen device

A) No — nothing we’re aware of B) Yes — minor (phishing attempt, suspicious email, etc.) C) Yes — moderate (account compromised, data exposed, unauthorized access) D) Yes — serious (ransomware, breach, significant data loss) E) I’m not sure — we might not know if something happened

Select:

  • A
  • B
  • C
  • D
  • E

Details:

2.3 — Policies & Compliance

Q26. Do you have any written security or IT policies?

Examples: Acceptable use policy, password policy, BYOD (Bring Your Own Device) policy, incident response plan, data classification policy

A) Yes — documented and team has been trained on them B) Yes — they exist but nobody really follows them C) We have informal rules but nothing written D) No policies at all

Select:

  • A
  • B
  • C
  • D

Which policies exist:

Q27. Do you have any compliance obligations or industry regulations?

Examples: HIPAA (healthcare), PCI DSS (Payment Card Industry Data Security Standard — required if you accept credit cards), SOC 2 (service organization controls), GDPR (General Data Protection Regulation — EU data privacy), state data privacy laws, insurance requirements, client/vendor security questionnaires

A) Yes — we know exactly what we need to comply with B) We think so but aren’t sure exactly what applies C) We’ve received vendor security questionnaires that we struggle to answer D) We have cyber insurance that has requirements we should be meeting E) No specific compliance obligations that we know of F) Not sure

Select:

  • A
  • B
  • C
  • D
  • E
  • F

Specific requirements:

Q28. Do you have cyber insurance?

A) Yes — and we’ve reviewed the policy requirements recently B) Yes — but I’m not sure what’s covered or what’s required of us C) It’s bundled in our general business insurance — not sure of details D) No E) We’re looking into getting it

Select:

  • A
  • B
  • C
  • D
  • E

Carrier/policy details if known:

2.4 — Endpoint & Device Security

Q29. What devices does your team use for work?

A) Company-issued laptops/desktops only B) Mix of company-issued and personal devices (BYOD) C) Mostly personal devices D) Mobile phones for work communications (WhatsApp, email, etc.)

Select (all that apply):

  • A
  • B
  • C
  • D

Notes:

Q30. Are work devices encrypted?

What this means: Disk encryption (like BitLocker on Windows or FileVault on Mac) scrambles data on the hard drive so if a laptop is lost or stolen, the data can’t be read without the password.

A) Yes — all devices are encrypted B) Some are, some aren’t C) I don’t think so D) I don’t know E) We use personal devices so we can’t enforce this

Select:

  • A
  • B
  • C
  • D
  • E

Notes:

Q31. How are software updates and patches handled on work devices?

Why we ask: Unpatched devices are one of the top 3 attack vectors. If nobody is managing updates, that’s a finding.

A) Automatically — managed by IT/MDM (Mobile Device Management — software that manages company devices remotely) B) We remind people to update but don’t enforce it C) Everyone is responsible for their own updates D) I don’t think we have a process for this

Select:

  • A
  • B
  • C
  • D

Notes:

Q32. Do you have antivirus/endpoint protection on all work devices?

A) Yes — managed centrally (e.g., CrowdStrike, SentinelOne, Defender for Business) B) Yes — but each person manages their own C) We rely on the built-in protection (Windows Defender, macOS) D) I don’t think so E) I don’t know

Select:

  • A
  • B
  • C
  • D
  • E

What product:

2.5 — Email Security

Q33. Does your email have spam/phishing protection beyond the default?

Why we ask: Default email filtering catches obvious spam but misses sophisticated phishing — the #1 way small businesses get compromised.

A) Yes — we have a dedicated email security tool (e.g., Proofpoint, Mimecast, Barracuda, Avanan) B) We rely on Google/Microsoft built-in filtering C) We’ve had phishing emails get through recently D) I don’t know what protection we have

Select:

  • A
  • B
  • C
  • D

Notes:

Q34. Has your team received any security awareness training?

Why we ask: The biggest security risk is always human behavior. One click on a phishing link can bypass every technical control.

A) Yes — regular training (at least annually) B) We did it once when we started C) Some informal guidance but no formal training D) No training at all

Select:

  • A
  • B
  • C
  • D

Notes:

Q35. Are any email accounts set up to auto-forward to external addresses?

Why we ask: External email forwarding is a common attack persistence technique — a hacker gains access, sets up a forwarding rule to their own account, and continues receiving copies of all email even after the password is changed.

A) No B) Yes — intentionally (we forward to a partner, accountant, etc.) C) I don’t know — we haven’t checked

Select:

  • A
  • B
  • C

Notes:

PHASE 3: Operations & Workflows — “How Do You Actually Work?”

Purpose: Understand their operational processes, bottlenecks, and where systems are failing them. This phase informs CRM, integration, and process improvement proposals. Time: 15-20 min When to use: Clients who want operational help, not just security. Gate to Phase 4: If they can’t describe their key workflows, process documentation comes before automation.

3.1 — Client/Customer Lifecycle

Q36. Walk me through what happens when a new client/customer comes in — from first contact to fully onboarded.

Why we ask: This reveals the entire intake workflow — manual handoffs, automation gaps, and where leads fall through the cracks.

Answer:

How many tools are involved:

Where does it break down:

Q37. How do you track your sales pipeline or opportunities?

A) CRM with formal pipeline stages (HubSpot, Salesforce, Pipedrive, etc.) B) Project management tool with custom pipeline (ClickUp, Monday, etc.) C) Spreadsheet D) Email and memory E) We don’t really track pipeline

Select:

  • A
  • B
  • C
  • D
  • E

Tool name:

Notes:

Q38. How do you handle follow-ups with prospects or existing clients?

A) Automated sequences (email drip, CRM reminders) B) Manual — I/we set reminders and follow up ourselves C) It’s mostly reactive — we respond when they reach out D) We’re bad at this — things fall through the cracks

Select:

  • A
  • B
  • C
  • D

Estimated % of follow-ups that get done:

Q39. What happens AFTER you deliver your service — is there an ongoing relationship?

Why we ask: If the answer is “not really,” there’s a massive upsell/retention opportunity sitting on the table.

A) Yes — ongoing relationship with regular touchpoints B) Somewhat — we check in occasionally C) Not really — we deliver and move on D) We want to but don’t have a system for it

Select:

  • A
  • B
  • C
  • D

Notes:

Q40. How many past clients/customers do you have in your database?

Why we ask: This is often the biggest untapped asset. Existing clients who already trust you are 5-10x easier to sell to than cold leads.

Number of past clients:

Do you have current contact info for them?

When was the last time you contacted them?

Any upsell or re-engagement programs?

3.2 — Internal Operations

Q41. How does your team track projects and tasks?

A) Dedicated PM tool (ClickUp, Asana, Monday, etc.) — used consistently B) PM tool exists but adoption is inconsistent C) Email and meetings D) Spreadsheets or docs E) It’s in people’s heads

Select:

  • A
  • B
  • C
  • D
  • E

Tool name:

Who uses it well? Who doesn’t?

Q42. How many different communication channels is your team using?

Why we ask: If messages are split across Slack, email, text, WhatsApp, DMs, and meetings, important things get lost. We’re looking for communication sprawl.

List every channel (be honest — include personal texting if that happens):

Which one is the “source of truth”?

What gets lost between channels?

Q43. How does leadership get visibility into what the team is working on?

A) Dashboard or automated reports B) Regular standup meetings C) Asking people directly D) We don’t have great visibility

Select:

  • A
  • B
  • C
  • D

Notes:

Q44. What’s the one process in your business that, if you documented it properly, would save the most headaches?

Why we ask: This identifies their highest-ROI SOP (Standard Operating Procedure) opportunity.

Answer:

Q45. How do you handle reporting — financial, operational, client-facing?

A) Automated dashboards (from PM tool, CRM, or accounting software) B) Manual reports built on a schedule C) Ad hoc — we build reports when someone asks D) We don’t really do regular reporting

Select:

  • A
  • B
  • C
  • D

Notes:

3.3 — Integrations & Data Flow

Q46. How do your tools talk to each other? Do you have integrations or automations running?

A) Yes — we use Zapier, Make, or similar to connect tools B) Some native integrations (e.g., Gmail ↔ CRM) C) Mostly manual — we copy/paste between systems D) Tools don’t talk to each other at all

Select:

  • A
  • B
  • C
  • D

What integrations exist:

What breaks most often:

Q47. Where does your most important data live — and is there one source of truth?

Why we ask: If customer data lives in 3 places (CRM, spreadsheet, email) and none of them match, that’s a data integrity problem that compounds over time.

A) One primary system that everything flows through B) 2-3 systems with some overlap C) Data is scattered across many tools D) I’m honestly not sure where everything is

Select:

  • A
  • B
  • C
  • D

Where does client/customer data live:

Where does financial data live:

Where does operational data live:

Q48. How many manual copy-paste steps happen between your systems on a typical day?

Why we ask: Every manual data transfer is an error opportunity and a time sink. This sizes the integration/automation opportunity.

A) None — everything is automated B) A few — mostly manageable C) A lot — it’s a daily frustration D) It’s constant — we’re basically human middleware

Select:

  • A
  • B
  • C
  • D

Biggest offenders:

PHASE 4: Growth & Automation — “Where Do You Want to Go?”

Purpose: Understand their growth ambitions, AI readiness, and automation appetite. This informs CRM setup, AI implementation, and agent system proposals. Time: 10-15 min When to use: Clients who have Phase 1-3 reasonably handled and are looking to scale.

4.1 — AI & Automation Readiness

Q49. Are you using any AI tools right now?

A) Yes — formally adopted (company policy, specific tools) B) Yes — informally (people using ChatGPT, Copilot, etc. on their own) C) We’ve experimented but nothing stuck D) No — haven’t really explored it E) We’re interested but don’t know where to start

Select:

  • A
  • B
  • C
  • D
  • E

Which tools:

What for:

Q50. Do you have any concerns about AI?

Why we ask: Understanding their concerns lets us address them in the proposal and build trust.

A) Data privacy — worried about sensitive info going into AI tools B) Accuracy — concerned about AI making mistakes C) Team adoption — worried people won’t use it or will resist D) Cost — not sure it’s worth the investment E) Replacing people — concerned about job displacement on the team F) Compliance — not sure if AI use meets our regulatory requirements G) No concerns — we’re excited about it H) Other: ___

Select (all that apply):

  • A
  • B
  • C
  • D
  • E
  • F
  • G
  • H

Notes:

Q51. If you could automate one thing in your business tomorrow, what would it be?

Answer:

Q52. What manual process eats up the most time for you or your team each week?

Answer:

Estimated hours/week spent on it:

Q53. Do you have an AI policy or any governance around how your team uses AI tools?

What an AI policy covers: Which tools are approved, what data can/can’t be put into AI, quality review requirements, disclosure rules for AI-generated content.

A) Yes — formal AI policy in place B) Informal guidelines but nothing written C) No — everyone does whatever they want D) We didn’t know we needed one

Select:

  • A
  • B
  • C
  • D

Notes:

4.2 — CRM & Sales Automation

Q54. What’s your biggest frustration with how you currently manage client relationships?

Answer:

Q55. If I looked at your CRM (or whatever you use to track clients) right now, how clean is the data?

A) Very clean — consistent fields, no duplicates, up to date B) Mostly clean with some gaps C) Messy — duplicates, missing info, inconsistent data D) Disaster — it’s basically unusable E) We don’t have a CRM

Select:

  • A
  • B
  • C
  • D
  • E

Notes:

Q56. What does leadership need to see in a dashboard to run the business effectively?

Why we ask: This shapes the reporting and CRM configuration. If they can’t answer this, helping them define it is a deliverable.

Answer:

4.3 — Website & Digital Presence

Q57. How important is your website to your business — does it generate leads?

A) Critical — primary lead source B) Important — supports credibility but most leads come elsewhere C) Just a brochure — doesn’t really drive business D) It’s outdated and probably hurts more than helps

Select:

  • A
  • B
  • C
  • D

Notes:

Q58. Do you have analytics on your website? Do you look at them?

A) Yes — we track and review regularly (Google Analytics, etc.) B) Analytics are set up but nobody looks at them C) I don’t think we have analytics D) I don’t know

Select:

  • A
  • B
  • C
  • D

Notes:

Q59. Is your website being monitored for uptime and security?

Why we ask: If their website goes down, they may not know for hours or days. Monitoring tools send an alert within minutes.

A) Yes — we get alerts if the site goes down B) We’d probably hear about it from customers C) No monitoring at all D) I don’t know

Select:

  • A
  • B
  • C
  • D

Notes:

PHASE 5: Partnership & Strategic — “How Do We Work Together?”

Purpose: Only for conversations where we’re exploring a partnership, not just a service engagement. Time: 10-15 min When to use: When the prospect has indicated interest in ongoing/embedded relationship, or when there’s a co-delivery or referral opportunity.

Q60. If we were to work together, what does “partnership” mean to you?

A) You deliver services, we pay for them (vendor/client) B) You’re embedded with our team — more like a fractional CIO/CTO C) We co-deliver to our mutual clients D) You build, we sell (white-label or reseller) E) We refer clients to each other F) Something else: ___

Select:

  • A
  • B
  • C
  • D
  • E
  • F

Notes:

Q61. Who owns the client relationship in this partnership?

A) We do — you support from behind B) You do — we make introductions C) Shared — we both have a relationship with the client D) Depends on who found the client

Select:

  • A
  • B
  • C
  • D

Notes:

Q62. What services do your clients ask for that you don’t currently offer?

Why we ask: This is where Solanasis fills the gap. Every unmet need they mention is a potential engagement for us.

Answer:

Q63. Have you tried partnering with other firms before? What happened?

Answer:

Q64. What does success look like in 90 days if we work together?

Answer:

Q65. What does success look like in 12 months?

Answer:

Q66. What are the deal-breakers for you in a working relationship?

Answer:

Q67. How should we handle pricing when both parties are involved?

A) We bill our client, pay you separately B) You bill the client directly C) Co-branded proposal with split pricing D) We haven’t thought about it yet E) Other: ___

Select:

  • A
  • B
  • C
  • D
  • E

Notes:

POST-QUESTIONNAIRE: Scoring & Next Steps

Quick Assessment Score

After the call, rate each phase 1-5 based on their answers:

PhaseScore (1-5)Key FindingsService Opportunity
Phase 1: Foundation/5
Phase 2: Security/5
Phase 3: Operations/5
Phase 4: Automation/5
Phase 5: Partnership/5

Scoring guide:

  • 1 = Critical gaps — They need immediate help. This is a Phase 1 project.
  • 2 = Significant issues — Multiple findings, but they’re aware of some.
  • 3 = Average — Some good practices, some gaps. Typical SMB.
  • 4 = Above average — Most things are handled, looking to optimize.
  • 5 = Strong — Well-managed; looking for strategic enhancement.

Engagement Recommendation

Based on scores, recommend one of:

  • ORB First (Phase 2 score ≤ 2) — Security & resilience assessment before anything else
  • Quick Wins Sprint (Phase 1 score ≤ 2) — Get their foundation in order (passwords, access, docs)
  • Operations Optimization (Phase 3 score ≤ 3) — Process improvement + tool optimization
  • AI/Automation Package (Phase 4 score ≤ 3, Phase 1-3 ≥ 3) — They have the foundation, ready for agents
  • Full Fractional CIO (Multiple phases ≤ 3) — They need embedded, ongoing support
  • Strategic Partnership (Phase 5 explored) — Co-delivery or referral arrangement

Red Flags Summary

List all 🔴 critical findings from the questionnaire:

Proposal Outline

Based on the questionnaire, outline the proposal structure:

Phase 1 (Immediate):

Phase 2 (Short-term):

Phase 3 (Ongoing):

Estimated pricing range:

Next step:

Pro Tip: The best use of this questionnaire isn’t asking every question — it’s knowing which questions to SKIP. If they tell you in Q7 that they share passwords via Slack, you don’t need to ask Q22 about MFA — you already know the answer. Let the conversation flow naturally. The questionnaire is your safety net, not your script. When you review the transcript with AI afterward, it’ll fill in the gaps you missed based on context clues in the conversation.

This questionnaire is a living document. After every discovery call, note which questions were most useful, which ones confused people, and what questions you wish you’d asked. Update the OBQ quarterly.

Graph View

Backlinks