# AI Services Client Onboarding Checklist

**Version:** 1.0 | **Date:** 2026-05-01 | **Owner:** CEO + John + Lexicon

---

## Overview

This checklist covers the complete client onboarding journey from initial contact through first invoice and project kickoff.

**Total Estimated Duration:** 7-14 business days (contract-to-kickoff) | 2-6 weeks (contract-to-first-delivery)

---

## Phase 1: Pre-Contract Documentation

### Step 1.1: Mutual NDA Execution

**Owner:** CEO | **Duration:** 1-3 days

1. CEO fills [NDA template](https://docs.alai.no/books/legal-templates-v1/page/mutual-nda-template-v1) with client details
2. Upload to Documenso (sign.basicconsulting.no)
3. Both parties sign
4. Archive signed PDF to Paperless-ngx with tags: `legal-contract`, `nda`, `ai-services`, `[CLIENT_NAME]`
5. Record in `~/system/state/archive-first-ledger.jsonl`

**✓ Done when:** Signed NDA archived + ledger entry created

### Step 1.2: Retainer Agreement + SoW Negotiation

**Owner:** CEO (commercial), Lexicon (legal if amended) | **Duration:** 3-5 days

1. CEO defines:
    - Monthly retainer: \[BELØP\] NOK (range 40-80K per approved pricing)
    - Hourly overage rate: \[TIMEPRIS\] NOK
    - Included hours per month: \[TIMER\]
    - First Statement of Work (SoW): Deliverables, milestones, timeline
2. CEO fills [Retainer template](https://docs.alai.no/books/legal-templates-v1/page/retainer-contract-template-v1)
3. CEO drafts first SoW (Appendix A)
4. Upload to Documenso → client reviews
5. If client requests material legal changes → Lexicon reviews
6. Both parties sign
7. Archive signed Retainer + SoW to Paperless-ngx with tags: `legal-contract`, `retainer`, `ai-services`

**✓ Done when:** Signed Retainer + SoW archived, pricing confirmed, 3-month binding period start date recorded

---

## Phase 2: Data Protection Compliance

### Step 2.1: DPA Execution (if processing personal data)

**Owner:** CEO (execution), Lexicon (GDPR review) | **Duration:** 2-5 days

**Decision Point:** Does engagement involve processing personal data?

- **YES** → Execute DPA (required by GDPR Article 28)
- **NO** → Skip to Phase 3

**Actions (if DPA required):**

1. CEO confirms data types with client (identification, business, technical logs, AI training data)
2. CEO fills [DPA template](https://docs.alai.no/books/legal-templates-v1/page/dpa-template-v1-gdpr-article-28):
    - Section 2.3: Data types
    - Section 2.4: Data subject categories
3. Attach [TOMs](https://docs.alai.no/books/legal-templates-v1/page/toms-alai-ai-services-v1) as Annex B
4. Upload DPA + TOMs to Documenso (two-document bundle)
5. Client reviews → may request security changes (ISO 27001, on-premise deployment)
6. CEO escalates material changes to Lexicon
7. Both parties sign
8. Archive signed DPA + TOMs to Paperless-ngx with tags: `legal-contract`, `dpa`, `gdpr`, `ai-services`

**✓ Done when:** Signed DPA archived with TOMs annex, sub-processor disclosure delivered

**Blocking Issues:**

- Client requires ISO 27001 → CEO decision (cost ~150K NOK, 6-month timeline)
- Client prohibits non-EEA sub-processors → CEO assesses if Anthropic can be replaced with EU-hosted LLM
- Healthcare/finance client → Escalate to Lexicon (HIPAA, PCI-DSS compliance)

---

## Phase 3: Financial Setup

### Step 3.1: First Invoice Issuance

**Owner:** CEO | **Duration:** 1 day

1. CEO creates client in Fiken (fiken.no):
    - Client name, org.nr, billing address, email
    - Payment terms: Net 14 days (standard ALAI)
    - Monthly recurring invoice flag
2. CEO issues Invoice #1:
    - Line item: "AI Services Retainer — \[MONTH\] \[YEAR\]"
    - Amount: \[BELØP\] NOK excl. VAT
    - Due date: 14 days from invoice date
3. Invoice auto-sent via Fiken to client email
4. CEO confirms client received invoice

**✓ Done when:** Invoice sent, client acknowledges receipt

### Step 3.2: Payment Confirmation

**Owner:** CEO | **Duration:** 0-14 days

1. CEO monitors Fiken for incoming payment
2. Once payment received:
    - Confirm amount matches invoice
    - Confirm payment reference includes invoice number
3. If payment overdue (14+ days) → CEO sends reminder
4. If 30+ days overdue → CEO pauses work per Retainer clause (IP transfer = on payment)

**✓ Done when:** First retainer payment received + recorded in Fiken

---

## Phase 4: Project Kickoff

### Step 4.1: Technical Onboarding Call

**Owner:** CEO (kickoff), John (orchestration), Specialist Agents (delivery) | **Duration:** 1-2 hours

1. CEO schedules kickoff call with:
    - Client PM/Tech Lead
    - ALAI: CEO + John (if technical deep-dive)
2. **Agenda:**
    - Review signed SoW deliverables and timeline
    - Confirm data access requirements (API keys, database credentials, codebase access)
    - Establish communication channels (Slack, email, video calls)
    - Agree on meeting cadence (weekly status, bi-weekly demo)
    - Set first milestone delivery date
3. CEO documents meeting notes → share with client
4. John creates Mission Control tasks for first SoW deliverables:
    - Task owner: Specialist agent (Codecraft, Vizu, Architect)
    - Priority: H (client deliverable)
    - Deadline: Per SoW milestone

**✓ Done when:** Kickoff call completed, client access received, MC tasks created, first milestone scheduled

### Step 4.2: First Deliverable Milestone

**Owner:** Specialist Agents (execution), Proveo (validation), CEO (client acceptance) | **Duration:** Per SoW (typically 1-4 weeks)

1. Specialist agents execute first SoW deliverable
2. Proveo validates per acceptance criteria in SoW
3. John marks MC task as `ready_for_review`
4. CEO reviews internally
5. CEO submits deliverable to client
6. Client reviews and provides feedback
7. If revisions needed → agents execute, Proveo re-validates, CEO re-submits
8. Client formally accepts deliverable
9. CEO archives deliverable to Paperless-ngx with tags: `client-deliverable`, `ai-services`, `[CLIENT_NAME]`

**✓ Done when:** Client accepts deliverable, deliverable archived, next milestone scheduled

---

## Phase 5: Ongoing Engagement

### Monthly Retainer Rhythm

**Monthly Cycle:**

1. **Day 1:** CEO issues retainer invoice for current month via Fiken
2. **Day 14:** Payment due
3. **Week 1-4:** Agents execute SoW tasks within retainer hours
4. **End of month:** CEO reviews time tracking:
    - Hours < retainer allocation → carry-forward or lose (per Retainer clause 3.3)
    - Hours > retainer allocation → invoice overage at \[TIMEPRIS\] NOK/hour
5. **Monthly status report:** CEO sends client:
    - Hours used vs. allocated
    - Deliverables completed
    - Next month's planned work

### Contract Renewal or Termination

**At 3-Month Binding Period End:**

- CEO checks client satisfaction
- If renewing → Continue monthly retainer (auto-renews unless 30-day notice)
- If terminating → CEO sends 30-day written notice per Retainer clause 6.2

**Upon termination:**

1. Complete all in-flight SoW tasks
2. Execute DPA data deletion/return (30-day deadline per DPA section 3.7)
3. Final invoice for any unpaid overages
4. Archive all signed contracts and deliverables per ZAKON ARCHIVE FIRST

---

## Timeline Summary

| Phase | Step | Duration | Owner |
|---|---|---|---|
| Pre-Contract | NDA signing | 1-3 days | CEO |
| Pre-Contract | Retainer + SoW negotiation | 3-5 days | CEO |
| Data Protection | DPA execution | 2-5 days | CEO + Lexicon |
| Financial | First invoice issuance | 1 day | CEO |
| Financial | Payment confirmation | 0-14 days | CEO |
| Kickoff | Technical onboarding | 1-2 hours | CEO + John |
| Kickoff | First deliverable | 1-4 weeks | Agents + Proveo |
| **TOTAL** | **Contract-to-kickoff** | **7-14 days** | — |
| **TOTAL** | **Contract-to-first-delivery** | **2-6 weeks** | — |

---

## Decision Trees

### Does this engagement require a DPA?

**YES** if:

- AI system processes customer names, emails, or IDs
- AI training uses client employee data
- System logs contain IP addresses or user activity
- Client explicitly requests GDPR compliance documentation

**NO** if:

- Pure technical audit (code review, architecture) with no personal data access
- AI training on fully anonymized datasets
- Consulting engagement with no data processing

### What if client requests custom contract terms?

1. **Minor changes** (formatting, address corrections) → CEO approves directly
2. **Commercial changes** (pricing, payment terms) → CEO approves if within standard bounds
3. **Legal changes** (liability cap removal, IP assignment reversal) → CEO escalates to Lexicon
4. **Security changes** (ISO 27001, on-premise) → CEO escalates to John for technical impact analysis

**Timeline Impact:**

- Minor: +0 days
- Commercial: +1-2 days
- Legal: +3-5 days (Lexicon review)
- Security: +1-2 weeks (technical assessment)

---

## Tools and References

### Required Systems

- **Documenso:** sign.basicconsulting.no (contract signing)
- **Paperless-ngx:** archive.alai.no (archiving per ZAKON ARCHIVE FIRST)
- **Fiken:** fiken.no (invoicing and payment tracking)
- **Mission Control:** `node ~/system/tools/mc.js` (task tracking)
- **Bitwarden:** Client credential storage (if access keys provided)

### Document Templates

- [Mutual NDA Template v1](https://docs.alai.no/books/legal-templates-v1/page/mutual-nda-template-v1)
- [Retainer Contract Template v1](https://docs.alai.no/books/legal-templates-v1/page/retainer-contract-template-v1)
- [DPA Template v1](https://docs.alai.no/books/legal-templates-v1/page/dpa-template-v1-gdpr-article-28)
- [TOMs ALAI AI Services v1](https://docs.alai.no/books/legal-templates-v1/page/toms-alai-ai-services-v1)

### Legal Review

Proveo review (2026-05-01): **19/20 PASS**

Known gap: SnowIT relationship undocumented (separate workstream — does not block client onboarding)

---

## Open Questions for CEO

1. Should we engage a Norwegian law firm for final template review before first client use? (Est. cost: 10-15K NOK, timeline: 1-2 weeks)
2. Do we have professional indemnity insurance covering AI services?
3. If SnowIT developers access client data, should SnowIT be added to DPA sub-processor list?
4. If a client requires ISO 27001 certification, what is the go/no-go decision point? (Cost: ~150K NOK, timeline: 6 months)

---

**Document Owner:** Skillforge  
**Last Updated:** 2026-05-01  
**Review Cycle:** Quarterly (or upon first client feedback)