The first three articles in this series have asked Caribbean boards uncomfortable questions about digital infrastructure that has already been set up — usually badly. This article is for the entrepreneur, the family-business successor, or the partner of a newly-formed firm who has the rare opportunity to do it correctly from the first day. It takes ninety minutes. The rest of the firm’s digital life will rest on what is decided in that hour and a half.
The rarest moment in the life of a Caribbean firm
Across the engagements we have surfaced in the three preceding articles in this series — domain ownership lost to retiring bookkeepers, business email run from personal Gmail accounts, primary identities operating on the wrong TLD — almost every problem we have catalogued has a common origin. None of them are mistakes the firm made deliberately. They are the residue of decisions taken in the first weeks of the firm’s existence, by people who were focused on something else, who had no framework to consult, and who almost certainly did not realise they were making decisions at all.
By the time the firm grows large enough to engage with these decisions consciously, the cost of unwinding the original choices is high. The domain is in the wrong name. The email is in the wrong place. The TLD is the wrong one. The retrofit is expensive, often disruptive, occasionally impossible. Every Caribbean firm with twenty or more years of trading carries somewhere in its operating stack the scar tissue of a defaulted digital identity.
There is exactly one moment when none of that is true. It is the first ninety minutes — at most — between the company being registered and the company taking its first commercial action that touches the outside world. In those ninety minutes, the digital identity of the firm can be set up correctly, with all the choices made consciously, and the cumulative cost of the rest of the firm’s digital life is determined for years to come.
This article is the checklist for those ninety minutes. It is written for Caribbean entrepreneurs registering a new firm, family-business successors taking over operations from a generation that never formally set anything up, partners spinning out of an existing practice, and any firm that has decided to start over digitally after a restructure, an acquisition, or a brand change. Working through it sequentially, in the order presented, with the right supplier on hand, takes between sixty and ninety minutes. The work avoided is, in our experience, measured in years.
The cumulative cost of the rest of the firm’s digital life is determined in the first ninety minutes.
1. Before the timer starts
Three things should be in front of the founder before the ninety minutes begin. None of them are negotiable, and skipping any of them turns the exercise into an exercise in clean-up.
The legal name of the company
Registered, in writing, with the local Companies Office or equivalent — not a working name, not a holding name, not “we’re about to register this.” The legal name is the only one that can be used to register a domain in the company’s name in the next step. Many of the patterns surfaced in Article 1.1 of this series began with a founder registering a domain in their own name because the company itself had not yet been formed at the registrar level.
A company-controlled mailbox to receive registrar correspondence
This is the chicken-and-egg problem of the first ninety minutes: the firm needs a mailbox to register a domain, but the domain is what the firm’s mailbox will eventually live on. The clean answer is to use a temporary company-controlled Gmail or equivalent address — created in the company’s name, not in the founder’s personal name, with the password stored in a company-managed vault — solely for the purpose of registrar correspondence during the setup. It will be retired and replaced with a proper administrative mailbox by the end of the ninety minutes. The principle is that even the temporary mailbox should not be a personal one.
A decision, made in advance, on the firm’s archetype
Article 1.3 of this series introduced the four Caribbean firm archetypes — A (Domestically-Anchored), B (Domestically-Anchored, Export-Curious), C (Regionally- or Internationally-Oriented), and D (Non-Commercial). The founder should walk into the ninety minutes knowing which archetype the firm fits, both today and over a five-year horizon. The archetype determines the primary TLD; reversing this decision later is the most expensive correction in the entire series. If the archetype is genuinely uncertain, default to Archetype B (with .com as primary, ccTLD as defensive) — it is the most resilient to future direction changes.
2. The eight-step ninety-minute checklist
Worked through sequentially, with a good registrar account open and a competent supplier on hand, the eight steps below take between sixty and ninety minutes. The order matters: step 4 (provisioning email) depends on step 2 (registering the domain). Step 5 (publishing authentication records) depends on step 4. Step 7 (moving the registrar administrative contact) depends on step 4. Skipping ahead means doubling back.
| Step | Time | What is being decided and done |
| 1 | 15 min | Choose the primary domain name.
Confirm the firm’s archetype (A/B/C/D). Map the archetype to the correct primary TLD. Confirm that the un-hyphenated, un-suffixed version of the firm’s legal name is available on the chosen primary TLD. If it is not, this is the moment to either choose a different name or — far better — accept a slightly different version of the name that is available cleanly, rather than commit to a compromised primary domain. |
| 2 | 10 min | Register the primary domain, in the company’s legal name.
The registrant must be the company itself — not the founder, not a director, not the IT consultant, not the web designer. The administrative contact at this stage is the temporary company-controlled mailbox from §1. Auto-renewal is enabled. Domain-lock is enabled. Domain-privacy is enabled. Two-factor authentication on the registrar account is enabled. |
| 3 | 10 min | Register defensive variants on the obvious alternate TLDs.
For Archetypes A and B, register both .com and the relevant ccTLD; for Archetype C, register the .com and the ccTLDs of every Caribbean territory the firm operates in or plans to; for Archetype D, register the .org and the .com. Set all defensive registrations to redirect to the primary. The combined annual cost of defensive registrations is trivial; the cost of recovering one later from a third party is not. |
| 4 | 15 min | Provision professional email at the firm’s domain.
Microsoft 365 or equivalent — never a forwarding alias to a personal Gmail. Three role-based mailboxes are created at minimum: [email protected], [email protected] (which will become the new registrar contact in step 8), and the founder’s own named mailbox. Multi-factor authentication is enforced on all three from the moment of creation. Default retention is set to seven years; default audit logging is on. |
| 5 | 10 min | Publish SPF, DKIM and DMARC records on the firm’s domain.
These are the three DNS records that prevent the firm’s mailboxes from being trivially impersonated by attackers, and that get the firm’s outgoing mail accepted by counterparties’ spam filters. The technical detail is covered in Article 1.5 of this series. The point at this stage is that the records are published, on the day the domain is registered, with DMARC enforcement set to “quarantine” or “reject,” not “none.” |
| 6 | 10 min | Stand up a holding page on the primary domain.
A single, clean page with the firm’s name, a one-line description of what the firm does, and a contact mechanism that uses the [email protected] mailbox from step 4. Not a full website, not a brochure, not a marketing site — those come later, in their own deliberate exercise. A holding page exists so that when someone types the firm’s domain on the day of the firm’s first invoice, something professional answers. SSL is enabled on the holding page from the moment it goes live. |
| 7 | 10 min | Set up the registrar credentials under proper company control.
Two named company personnel — at minimum, the founder and a second director or operations lead — must have access to the registrar account. Credentials sit in a company-managed password vault, not in a personal browser or on a single laptop. The administrative contact on the domain is moved from the temporary Gmail in §1 to [email protected], the role-based mailbox created in step 4. This is the moment when the firm stops borrowing its own digital identity from a personal account and starts owning it institutionally. |
| 8 | 10 min | Complete the Founding Digital Identity Record.
A one-page document — the closing exercise of the ninety minutes — recording what was decided, in what name each domain is registered, which mailboxes exist, where the credentials sit, who has access, when each domain renews, and which archetype was named. Signed, dated, and stored alongside the firm’s incorporation paperwork. This document is the founding governance record for the firm’s digital identity. Section 3 of this article reproduces the template. |
Some founders will be able to complete each step themselves. Others — particularly those for whom step 5 (SPF, DKIM and DMARC) is unfamiliar territory — will want a supplier on hand. The point is not heroism; the point is that all eight steps are completed properly, in sequence, on the day the firm starts. The supplier model that Dawgen Global Technologies offers exists precisely so that no founder has to attempt step 5 alone.
3. The Founding Digital Identity Record
The eighth and final step of the ninety minutes is to complete the one-page record below. Its purpose is exactly what its name says: to be the founding governance document for the firm’s digital identity, signed and stored alongside the incorporation paperwork. If, three years from now, a director joins the board, a new finance lead joins the firm, or an external advisor asks how the firm controls its digital identity, this is the document that is produced.
The record codifies what would otherwise live in the founder’s memory and travel with the founder if the founder ever leaves. It is the institutional answer to the most common pattern surfaced in Article 1.1 of this series — the firm whose digital identity was registered by someone who is no longer at the firm, with no documentation of what was set up or why.
| Decision Recorded | Value |
| Firm legal name | [exactly as registered with the Companies Office] |
| Archetype declared | A / B / C / D — today, and target in five years |
| Primary domain | [firmname.tld] — registered to the company |
| Defensive registrations | [list of variants, all redirecting to the primary] |
| Email platform | [Microsoft 365 / equivalent] — MFA enforced from day one |
| Role-based mailboxes created | info@ | admin@ | founder named mailbox |
| SPF / DKIM / DMARC published | Yes — DMARC enforcement at “quarantine” or “reject” |
| Holding page live with SSL | Yes — single page, info@ contact |
| Registrar account access | [founder name] + [second director name]; credentials in vault |
| Administrative contact mailbox | [email protected] — monitored, not personal |
| Domain renewal date(s) | [date] — auto-renew enabled; calendar reminder set |
| Signed by | [founder name, date] — stored with incorporation paperwork |
A reusable Word template of this record is included as a separate downloadable from this article’s page on the Dawgen Global blog.
4. What is deliberately out of scope
The ninety minutes are tightly bounded. Almost everything a firm will eventually need is not in them. The discipline of the checklist is in what it excludes, not what it includes.
The full website is out of scope. The holding page from step 6 is not a website; it is a placeholder. A real website is a separate exercise, requiring brand decisions, content, navigation, and either a designer or a templated platform. That exercise belongs to its own dedicated day or week, not to the founding ninety minutes.
The marketing infrastructure — analytics, customer relationship management, mailing-list software, social media accounts, search engine optimisation, advertising platforms — is all out of scope. None of it can be done correctly until the foundations are in place, and trying to set up any of it in the first ninety minutes is a category error.
Internal collaboration infrastructure — file storage, project management, video conferencing, internal chat — is out of scope. It is genuinely important, but it is downstream of the email platform decision in step 4. Once Microsoft 365 (or equivalent) is in place, most of the collaboration stack comes with it; the configuration of that stack is a separate exercise.
Cybersecurity beyond the basics in steps 5, 7 and the MFA in step 4 is out of scope. The foundations laid in the ninety minutes are necessary but not sufficient. Article 2.6 of this series — “The Caribbean Cyber Hygiene Scorecard” — will cover the next tier of controls every Caribbean firm should put in place once it has staff, customers, and a meaningful data footprint.
The principle is that the ninety minutes does one thing and does it completely: it establishes the firm’s digital identity correctly on day one. Every other digital decision the firm will ever make can be made later, properly, on the foundation laid here. None of them can be made well if the foundation is wrong.
5. Where to go from here
If you are about to register a firm, inherit a family business, or start over digitally after a restructure, the ninety minutes described in this article are the most consequential ninety minutes you will spend on the firm’s digital life. The work is finite, the decisions are reversible only at significant cost, and the cost of not doing it is precisely the residue this series has spent three preceding articles documenting.
The eight-step checklist can be completed by a founder working alone with a registrar account, a domain in mind, and an afternoon. It can also be completed in a single guided session with a supplier who has done it for hundreds of Caribbean firms before. Dawgen Global Technologies offers the second option as a Founding Digital Identity Session, structured around the checklist in §2 and the record in §3.
| WHERE TO GO FROM HERE
Make the ninety minutes count. Through Dawgen Global Technologies, the firm offers five Caribbean-tailored web-services bundles built on the SecureServer platform. The Starter Online bundle is designed exactly for the founder reading this article — bringing the domain, defensive registrations, Microsoft 365, SPF / DKIM / DMARC configuration, MFA, holding page and SSL together on day one, under one annual contract, one local supplier, billed in USD or JMD, with Caribbean-based support and the eight-step checklist walked through with a Dawgen Global Technologies engineer in a single session. dawgentechnologies.com Or write to [email protected] to book a ninety-minute Founding Digital Identity Session through your Dawgen Global engagement team. |
Author
Dr. Dawkins Brown is the Executive Chairman and Founder of Dawgen Global, an independent integrated multidisciplinary professional services firm headquartered in New Kingston, Jamaica, operating across 15+ Caribbean territories. Dawgen Global Technologies is the firm’s web-services line, delivering domains, hosting, professional email, Microsoft 365, SSL, websites, security and backups across the region.
About The Caribbean Digital Foundations Series
The Caribbean Digital Foundations Series is a 30-article thought leadership programme published by Dawgen Global on its blog (dawgen.global/blog) through 2026. The series is organised into five pillars — Foundations, Trust & Security, Presence & Performance, Productivity & Collaboration, and Commerce & Growth — and is designed to bring the same governance lens Dawgen Global applies to audit, tax and advisory engagements to the web-services decisions every Caribbean SMB must now make.
This is Article 1.4 of the series. Articles 1.1, 1.2 and 1.3 — covering domain ownership, professional email, and TLD strategy — laid the diagnostic foundation that this article translates into a prescriptive playbook for new firms. Article 1.5, “Email Authentication for the Caribbean Board: SPF, DKIM and DMARC Explained Without the Jargon,” will follow.
© 2026 Dawgen Global | Big Firm Capabilities. Caribbean Understanding.
About Dawgen Global
“Embrace BIG FIRM capabilities without the big firm price at Dawgen Global, your committed partner in carving a pathway to continual progress in the vibrant Caribbean region. Our integrated, multidisciplinary approach is finely tuned to address the unique intricacies and lucrative prospects that the region has to offer. Offering a rich array of services, including audit, accounting, tax, IT, HR, risk management, and more, we facilitate smarter and more effective decisions that set the stage for unprecedented triumphs. Let’s collaborate and craft a future where every decision is a steppingstone to greater success. Reach out to explore a partnership that promises not just growth but a future beaming with opportunities and achievements.
Email: [email protected] 
Visit: Dawgen Global Website
WhatsApp Global Number : +1 555-795-9071
Caribbean Office: +1876-6655926 / 876-9293670/876-9265210 
WhatsApp Global: +1 5557959071
USA Office: 855-354-2447
Join hands with Dawgen Global. Together, let’s venture into a future brimming with opportunities and achievements
