In our 2021 State of Customer Trust Benchmarking Report, over 80% of the 100+ information security folks we surveyed told us that completing security questionnaires was critical to closing sales deals, and that most customers won’t move forward without them. As your customer base grows, you should expect to see more and more of these incoming customer security questionnaires which means more work for your Infosec team… and all of the other teams involved.
The more teams the better? Yes and no.
In the same survey, we found that 80% of companies have at least 2+ departments involved in the security review process, and 50% have more than 3. Outside of Security/Compliance and IT, the Legal and Sales departments are also likely to be involved. Below is an excerpt from our 2021 Customer Trust Benchmarking Survey:
Having multiple teams involved in security questionnaire response causes complexity and — naturally — time delays.
There hasn’t always been a magic, one size fits all solution on how to manage, scale, and speed up the security review process. What we do know is that today, the process of responding to customer security reviews remains painful, manual, and time-consuming.
So, how should you properly scale this process with your sales teams?
We’ve worked with many B2B SaaS organizations who have felt the pain of increasing levels of customer security reviews. In our (and their) experience, the challenge often requires a technology solution, but it also requires organizational change. Secret weapons are only useful if the soldiers are given the training to wield them appropriately. In this post, we’ll share some best practices on how to best involve your Sales team in this process.
Organizations who proactively share security information (documents and FAQs) early in the sales cycle can reduce the time spent responding to customer security questionnaires by 60%. Those who include their sales teams in the automation of the processes have cut a full 5 days off of their sales cycle. So what are their secrets? Read on to find out.
6 tips for integrating sales teams into the security review process
1. Involve sales leaders early when formalizing security review processes
Don’t forget to include a Sales leader in the design of your processes which increases the likelihood of buy-in from the beginning. Gathering input from the beginning ensures you have more support and a smoother implementation process.
2. Have a few members of the sales team test the process and provide feedback ahead of go-live. Hold live training sessions and communicate changes ahead of time.
Nothing will be perfect from the start, so be willing to tweak and improve at all points with sales involvement.
Something our customers have found helpful is to collaborate on an internal memo or “Sales Playbook” with sales leaders. Send this to the sales team prior to go live, so there’s documentation to explain what is changing and why.
3. Work with sales teams to agree on guidelines for which customers will get “full treatment” vs. who will self-serve
Different customers represent different value to the business. A customer whose ARR is $100,000 is naturally going to get a bit more “love” than a customer using a free plan. Many of our customers work with sales to assign a $X ARR threshold on deals to help define which customers get which type of questionnaire response. Lower tier and/or free tier customers are expected to self-serve information (documents and FAQs) and higher-tier customers get custom questionnaire response.
Providing sales teams email templates of what to communicate to the prospect and how to push back is a great way to make it as simple as possible for them.
4. Provide visibility to sales in an automated way so they know where their customers are in the security review process
Sales wants to know where their customer / prospect is in the security review process. Providing automatic updates and/or the ability for the sales team to access this information on their own is a huge value-add for sales.
We recommend tracking:
- When a customer accessed your portal/document repository
- When the recipient agreed to your NDA
- What content they interacted with and when
Visibility into the actions above can not only help the sales team understand when to follow up with their prospects, but can often help predict whether or not a deal will close.
5. Discourage salespeople from downloading and sharing documents through email - instead give them a link to share to a portal/curated doc sharing Room, etc
This happens quite often and can be a point of friction. Sales downloads and sends an outdated version of a security document to their prospects via email. Along with the security concerns (email, no watermarks, no NDA-gating) and the fact that the documents could be outdated, both security and sales teams also lose visibility into actions prospects are taking.
Our customers have also found that providing a video to their sales team to send to their prospects on what the process will look like is helpful if prospects are confused about how to access a portal and download the documents they need. See an example of a video below and feel free to steal the script!
6. If your current process directs prospects to their account executive to obtain security information, we encourage you to eliminate this bottleneck and make sure customers can self-serve as much as possible.
Having a sales team member as the middleman between prospects and the security team often causes delays. To eliminate the back and forth through email, proactively point prospects to a link to your trust portal/document repository via your website. That way, if your sales team is unavailable to route the request, customers can self-serve what they need without the lag time.
*Last extra spicy bonus tip for security teams*
We also recommend against routing customer security review requests to a security@domain email address for many of the same reasons as above. The manual step of reviewing a request through email, though low effort, will cause delays as you scale. Pointing everyone to a link to a centralized location where security info is stored is one of the best ways to start cutting days off of that security review process.
Ideal Process Flow
Here's an example of an ideal process flow that can help streamline the customer security questionnaire and review process for both security and sales teams.
- Trust portal is linked on security webpage or link is passed to customer by sales team
- Customer clicks to request access to portal
- Security team approves access - ideally through an automated workflow in a communication tool
- Customer accesses portal and first has to sign click-wrap NDA
- Customer downloads security artifacts & searches answer bank for answers to their questions
- For remaining questions, customer uses portal to request what they need
Conclusion
As you scale your customer security review program, any step that is manual or redundant will be an added burden on how efficiently you can get through the number of customer security review requests you receive. Hopefully some of the tips and tricks laid out in this post will help you streamline your processes for customer security reviews, and help improve and maintain an effective partnership with your sales teams. Here’s to more growth, more revenue, and more Trust Building.
Next Steps
You know we had to plug our product. Conveyor Rooms empowered Partnerstack’s Trust Lead to reduce the amount of time spent on RFPs/Security questionnaires by 60%.
A few ways Conveyor can help both security and sales teams close deals faster:
- No more emailing docs + watermarking
- Instant NDA signature (speed up Sales cycle)
- Self-serve portal for customers that need access
- Knowledge base (answer bank) for you and your customers on key security questions
- Use it as a competitive advantage: our transparency is part of who we are
- Analytics on where your prospect/customer is in the security review and the actions they’re taking