Client Onboarding Checklist

AI Services Client Onboarding Checklist Version: 1.0 | Date: 2026-05-01 | Owner: CEO + John + Lexicon Overview This checklist covers the complete client onboarding journey from initial contact through first invoice and project kickoff. Total Estimated Duration: 7-14 business days (contract-to-kickoff) | 2-6 weeks (contract-to-first-delivery) Phase 1: Pre-Contract Documentation Step 1.1: Mutual NDA Execution Owner: CEO | Duration: 1-3 days CEO fills NDA template with client details Upload to Documenso (sign.basicconsulting.no) Both parties sign Archive signed PDF to Paperless-ngx with tags: legal-contract , nda , ai-services , [CLIENT_NAME] Record in ~/system/state/archive-first-ledger.jsonl ✓ Done when: Signed NDA archived + ledger entry created Step 1.2: Retainer Agreement + SoW Negotiation Owner: CEO (commercial), Lexicon (legal if amended) | Duration: 3-5 days CEO defines: Monthly retainer: [BELØP] NOK (range 40-80K per approved pricing) Hourly overage rate: [TIMEPRIS] NOK Included hours per month: [TIMER] First Statement of Work (SoW): Deliverables, milestones, timeline CEO fills Retainer template CEO drafts first SoW (Appendix A) Upload to Documenso → client reviews If client requests material legal changes → Lexicon reviews Both parties sign Archive signed Retainer + SoW to Paperless-ngx with tags: legal-contract , retainer , ai-services ✓ Done when: Signed Retainer + SoW archived, pricing confirmed, 3-month binding period start date recorded Phase 2: Data Protection Compliance Step 2.1: DPA Execution (if processing personal data) Owner: CEO (execution), Lexicon (GDPR review) | Duration: 2-5 days Decision Point: Does engagement involve processing personal data? YES → Execute DPA (required by GDPR Article 28) NO → Skip to Phase 3 Actions (if DPA required): CEO confirms data types with client (identification, business, technical logs, AI training data) CEO fills DPA template : Section 2.3: Data types Section 2.4: Data subject categories Attach TOMs as Annex B Upload DPA + TOMs to Documenso (two-document bundle) Client reviews → may request security changes (ISO 27001, on-premise deployment) CEO escalates material changes to Lexicon Both parties sign Archive signed DPA + TOMs to Paperless-ngx with tags: legal-contract , dpa , gdpr , ai-services ✓ Done when: Signed DPA archived with TOMs annex, sub-processor disclosure delivered Blocking Issues: Client requires ISO 27001 → CEO decision (cost ~150K NOK, 6-month timeline) Client prohibits non-EEA sub-processors → CEO assesses if Anthropic can be replaced with EU-hosted LLM Healthcare/finance client → Escalate to Lexicon (HIPAA, PCI-DSS compliance) Phase 3: Financial Setup Step 3.1: First Invoice Issuance Owner: CEO | Duration: 1 day CEO creates client in Fiken (fiken.no): Client name, org.nr, billing address, email Payment terms: Net 14 days (standard ALAI) Monthly recurring invoice flag CEO issues Invoice #1: Line item: "AI Services Retainer — [MONTH] [YEAR]" Amount: [BELØP] NOK eks. mva. Due date: 14 days from invoice date Invoice auto-sent via Fiken to client email CEO confirms client received invoice ✓ Done when: Invoice sent, client acknowledges receipt Step 3.2: Payment Confirmation Owner: CEO | Duration: 0-14 days CEO monitors Fiken for incoming payment Once payment received: Confirm amount matches invoice Confirm payment reference includes invoice number If payment overdue (14+ days) → CEO sends reminder If 30+ days overdue → CEO pauses work per Retainer clause (IP transfer = on payment) ✓ Done when: First retainer payment received + recorded in Fiken Phase 4: Project Kickoff Step 4.1: Technical Onboarding Call Owner: CEO (kickoff), John (orchestration), Specialist Agents (delivery) | Duration: 1-2 hours CEO schedules kickoff call with: Client PM/Tech Lead ALAI: CEO + John (if technical deep-dive) Agenda: Review signed SoW deliverables and timeline Confirm data access requirements (API keys, database credentials, codebase access) Establish communication channels (Slack, email, video calls) Agree on meeting cadence (weekly status, bi-weekly demo) Set first milestone delivery date CEO documents meeting notes → share with client John creates Mission Control tasks for first SoW deliverables: Task owner: Specialist agent (Codecraft, Vizu, Architect) Priority: H (client deliverable) Deadline: Per SoW milestone ✓ Done when: Kickoff call completed, client access received, MC tasks created, first milestone scheduled Step 4.2: First Deliverable Milestone Owner: Specialist Agents (execution), Proveo (validation), CEO (client acceptance) | Duration: Per SoW (typically 1-4 weeks) Specialist agents execute first SoW deliverable Proveo validates per acceptance criteria in SoW John marks MC task as ready_for_review CEO reviews internally CEO submits deliverable to client Client reviews and provides feedback If revisions needed → agents execute, Proveo re-validates, CEO re-submits Client formally accepts deliverable CEO archives deliverable to Paperless-ngx with tags: client-deliverable , ai-services , [CLIENT_NAME] ✓ Done when: Client accepts deliverable, deliverable archived, next milestone scheduled Phase 5: Ongoing Engagement Monthly Retainer Rhythm Monthly Cycle: Day 1: CEO issues retainer invoice for current month via Fiken Day 14: Payment due Week 1-4: Agents execute SoW tasks within retainer hours End of month: CEO reviews time tracking: Hours < retainer allocation → carry-forward or lose (per Retainer clause 3.3) Hours > retainer allocation → invoice overage at [TIMEPRIS] NOK/hour Monthly status report: CEO sends client: Hours used vs. allocated Deliverables completed Next month's planned work Contract Renewal or Termination At 3-Month Binding Period End: CEO checks client satisfaction If renewing → Continue monthly retainer (auto-renews unless 30-day notice) If terminating → CEO sends 30-day written notice per Retainer clause 6.2 Upon termination: Complete all in-flight SoW tasks Execute DPA data deletion/return (30-day deadline per DPA section 3.7) Final invoice for any unpaid overages Archive all signed contracts and deliverables per ZAKON ARCHIVE FIRST Timeline Summary Phase Step Duration Owner Pre-Contract NDA signing 1-3 days CEO Pre-Contract Retainer + SoW negotiation 3-5 days CEO Data Protection DPA execution 2-5 days CEO + Lexicon Financial First invoice issuance 1 day CEO Financial Payment confirmation 0-14 days CEO Kickoff Technical onboarding 1-2 hours CEO + John Kickoff First deliverable 1-4 weeks Agents + Proveo TOTAL Contract-to-kickoff 7-14 days — TOTAL Contract-to-first-delivery 2-6 weeks — Decision Trees Does this engagement require a DPA? YES if: AI system processes customer names, emails, or IDs AI training uses client employee data System logs contain IP addresses or user activity Client explicitly requests GDPR compliance documentation NO if: Pure technical audit (code review, architecture) with no personal data access AI training on fully anonymized datasets Consulting engagement with no data processing What if client requests custom contract terms? Minor changes (formatting, address corrections) → CEO approves directly Commercial changes (pricing, payment terms) → CEO approves if within standard bounds Legal changes (liability cap removal, IP assignment reversal) → CEO escalates to Lexicon Security changes (ISO 27001, on-premise) → CEO escalates to John for technical impact analysis Timeline Impact: Minor: +0 days Commercial: +1-2 days Legal: +3-5 days (Lexicon review) Security: +1-2 weeks (technical assessment) Tools and References Required Systems Documenso: sign.basicconsulting.no (contract signing) Paperless-ngx: archive.alai.no (archiving per ZAKON ARCHIVE FIRST) Fiken: fiken.no (invoicing and payment tracking) Mission Control: node ~/system/tools/mc.js (task tracking) Bitwarden: Client credential storage (if access keys provided) Document Templates Mutual NDA Template v1 Retainer Contract Template v1 DPA Template v1 TOMs ALAI AI Services v1 Legal Review Proveo review (2026-05-01): 19/20 PASS Known gap: SnowIT relationship undocumented (separate workstream — does not block client onboarding) Open Questions for CEO Should we engage a Norwegian law firm for final template review before first client use? (Est. cost: 10-15K NOK, timeline: 1-2 weeks) Do we have professional indemnity insurance covering AI services? If SnowIT developers access client data, should SnowIT be added to DPA sub-processor list? If a client requires ISO 27001 certification, what is the go/no-go decision point? (Cost: ~150K NOK, timeline: 6 months) Document Owner: Skillforge Last Updated: 2026-05-01 Review Cycle: Quarterly (or upon first client feedback)