Skip to main content

Client Onboarding Checklist

AI Services Client Onboarding Checklist

Version: 1.0 | Date: 2026-05-01 | Owner: CEO + John + Lexicon

Overview

This checklist covers the complete client onboarding journey from initial contact through first invoice and project kickoff.

Total Estimated Duration: 7-14 business days (contract-to-kickoff) | 2-6 weeks (contract-to-first-delivery)

Phase 1: Pre-Contract Documentation

Step 1.1: Mutual NDA Execution

Owner: CEO | Duration: 1-3 days

  1. CEO fills NDA template with client details
  2. Upload to Documenso (sign.basicconsulting.no)
  3. Both parties sign
  4. Archive signed PDF to Paperless-ngx with tags: legal-contract, nda, ai-services, [CLIENT_NAME]
  5. Record in ~/system/state/archive-first-ledger.jsonl

✓ Done when: Signed NDA archived + ledger entry created

Step 1.2: Retainer Agreement + SoW Negotiation

Owner: CEO (commercial), Lexicon (legal if amended) | Duration: 3-5 days

  1. CEO defines:
    • Monthly retainer: [BELØP] NOK (range 40-80K per approved pricing)
    • Hourly overage rate: [TIMEPRIS] NOK
    • Included hours per month: [TIMER]
    • First Statement of Work (SoW): Deliverables, milestones, timeline
  2. CEO fills Retainer template
  3. CEO drafts first SoW (Appendix A)
  4. Upload to Documenso → client reviews
  5. If client requests material legal changes → Lexicon reviews
  6. Both parties sign
  7. Archive signed Retainer + SoW to Paperless-ngx with tags: legal-contract, retainer, ai-services

✓ Done when: Signed Retainer + SoW archived, pricing confirmed, 3-month binding period start date recorded

Phase 2: Data Protection Compliance

Step 2.1: DPA Execution (if processing personal data)

Owner: CEO (execution), Lexicon (GDPR review) | Duration: 2-5 days

Decision Point: Does engagement involve processing personal data?

  • YES → Execute DPA (required by GDPR Article 28)
  • NO → Skip to Phase 3

Actions (if DPA required):

  1. CEO confirms data types with client (identification, business, technical logs, AI training data)
  2. CEO fills DPA template:
    • Section 2.3: Data types
    • Section 2.4: Data subject categories
  3. Attach TOMs as Annex B
  4. Upload DPA + TOMs to Documenso (two-document bundle)
  5. Client reviews → may request security changes (ISO 27001, on-premise deployment)
  6. CEO escalates material changes to Lexicon
  7. Both parties sign
  8. Archive signed DPA + TOMs to Paperless-ngx with tags: legal-contract, dpa, gdpr, ai-services

✓ Done when: Signed DPA archived with TOMs annex, sub-processor disclosure delivered

Blocking Issues:

  • Client requires ISO 27001 → CEO decision (cost ~150K NOK, 6-month timeline)
  • Client prohibits non-EEA sub-processors → CEO assesses if Anthropic can be replaced with EU-hosted LLM
  • Healthcare/finance client → Escalate to Lexicon (HIPAA, PCI-DSS compliance)

Phase 3: Financial Setup

Step 3.1: First Invoice Issuance

Owner: CEO | Duration: 1 day

  1. CEO creates client in Fiken (fiken.no):
    • Client name, org.nr, billing address, email
    • Payment terms: Net 14 days (standard ALAI)
    • Monthly recurring invoice flag
  2. CEO issues Invoice #1:
    • Line item: "AI Services Retainer — [MONTH] [YEAR]"
    • Amount: [BELØP] NOK eks. mva.
    • Due date: 14 days from invoice date
  3. Invoice auto-sent via Fiken to client email
  4. CEO confirms client received invoice

✓ Done when: Invoice sent, client acknowledges receipt

Step 3.2: Payment Confirmation

Owner: CEO | Duration: 0-14 days

  1. CEO monitors Fiken for incoming payment
  2. Once payment received:
    • Confirm amount matches invoice
    • Confirm payment reference includes invoice number
  3. If payment overdue (14+ days) → CEO sends reminder
  4. If 30+ days overdue → CEO pauses work per Retainer clause (IP transfer = on payment)

✓ Done when: First retainer payment received + recorded in Fiken

Phase 4: Project Kickoff

Step 4.1: Technical Onboarding Call

Owner: CEO (kickoff), John (orchestration), Specialist Agents (delivery) | Duration: 1-2 hours

  1. CEO schedules kickoff call with:
    • Client PM/Tech Lead
    • ALAI: CEO + John (if technical deep-dive)
  2. Agenda:
    • Review signed SoW deliverables and timeline
    • Confirm data access requirements (API keys, database credentials, codebase access)
    • Establish communication channels (Slack, email, video calls)
    • Agree on meeting cadence (weekly status, bi-weekly demo)
    • Set first milestone delivery date
  3. CEO documents meeting notes → share with client
  4. John creates Mission Control tasks for first SoW deliverables:
    • Task owner: Specialist agent (Codecraft, Vizu, Architect)
    • Priority: H (client deliverable)
    • Deadline: Per SoW milestone

✓ Done when: Kickoff call completed, client access received, MC tasks created, first milestone scheduled

Step 4.2: First Deliverable Milestone

Owner: Specialist Agents (execution), Proveo (validation), CEO (client acceptance) | Duration: Per SoW (typically 1-4 weeks)

  1. Specialist agents execute first SoW deliverable
  2. Proveo validates per acceptance criteria in SoW
  3. John marks MC task as ready_for_review
  4. CEO reviews internally
  5. CEO submits deliverable to client
  6. Client reviews and provides feedback
  7. If revisions needed → agents execute, Proveo re-validates, CEO re-submits
  8. Client formally accepts deliverable
  9. CEO archives deliverable to Paperless-ngx with tags: client-deliverable, ai-services, [CLIENT_NAME]

✓ Done when: Client accepts deliverable, deliverable archived, next milestone scheduled

Phase 5: Ongoing Engagement

Monthly Retainer Rhythm

Monthly Cycle:

  1. Day 1: CEO issues retainer invoice for current month via Fiken
  2. Day 14: Payment due
  3. Week 1-4: Agents execute SoW tasks within retainer hours
  4. End of month: CEO reviews time tracking:
    • Hours < retainer allocation → carry-forward or lose (per Retainer clause 3.3)
    • Hours > retainer allocation → invoice overage at [TIMEPRIS] NOK/hour
  5. Monthly status report: CEO sends client:
    • Hours used vs. allocated
    • Deliverables completed
    • Next month's planned work

Contract Renewal or Termination

At 3-Month Binding Period End:

  • CEO checks client satisfaction
  • If renewing → Continue monthly retainer (auto-renews unless 30-day notice)
  • If terminating → CEO sends 30-day written notice per Retainer clause 6.2

Upon termination:

  1. Complete all in-flight SoW tasks
  2. Execute DPA data deletion/return (30-day deadline per DPA section 3.7)
  3. Final invoice for any unpaid overages
  4. Archive all signed contracts and deliverables per ZAKON ARCHIVE FIRST

Timeline Summary

PhaseStepDurationOwner
Pre-ContractNDA signing1-3 daysCEO
Pre-ContractRetainer + SoW negotiation3-5 daysCEO
Data ProtectionDPA execution2-5 daysCEO + Lexicon
FinancialFirst invoice issuance1 dayCEO
FinancialPayment confirmation0-14 daysCEO
KickoffTechnical onboarding1-2 hoursCEO + John
KickoffFirst deliverable1-4 weeksAgents + Proveo
TOTALContract-to-kickoff7-14 days
TOTALContract-to-first-delivery2-6 weeks

Decision Trees

Does this engagement require a DPA?

YES if:

  • AI system processes customer names, emails, or IDs
  • AI training uses client employee data
  • System logs contain IP addresses or user activity
  • Client explicitly requests GDPR compliance documentation

NO if:

  • Pure technical audit (code review, architecture) with no personal data access
  • AI training on fully anonymized datasets
  • Consulting engagement with no data processing

What if client requests custom contract terms?

  1. Minor changes (formatting, address corrections) → CEO approves directly
  2. Commercial changes (pricing, payment terms) → CEO approves if within standard bounds
  3. Legal changes (liability cap removal, IP assignment reversal) → CEO escalates to Lexicon
  4. Security changes (ISO 27001, on-premise) → CEO escalates to John for technical impact analysis

Timeline Impact:

  • Minor: +0 days
  • Commercial: +1-2 days
  • Legal: +3-5 days (Lexicon review)
  • Security: +1-2 weeks (technical assessment)

Tools and References

Required Systems

  • Documenso: sign.basicconsulting.no (contract signing)
  • Paperless-ngx: archive.alai.no (archiving per ZAKON ARCHIVE FIRST)
  • Fiken: fiken.no (invoicing and payment tracking)
  • Mission Control: node ~/system/tools/mc.js (task tracking)
  • Bitwarden: Client credential storage (if access keys provided)

Document Templates

Proveo review (2026-05-01): 19/20 PASS

Known gap: SnowIT relationship undocumented (separate workstream — does not block client onboarding)

Open Questions for CEO

  1. Should we engage a Norwegian law firm for final template review before first client use? (Est. cost: 10-15K NOK, timeline: 1-2 weeks)
  2. Do we have professional indemnity insurance covering AI services?
  3. If SnowIT developers access client data, should SnowIT be added to DPA sub-processor list?
  4. If a client requires ISO 27001 certification, what is the go/no-go decision point? (Cost: ~150K NOK, timeline: 6 months)

Document Owner: Skillforge
Last Updated: 2026-05-01
Review Cycle: Quarterly (or upon first client feedback)

Back to top