Building trust with customers today is complicated
Picture this: You have your coffee/tea in hand and fire up your computer in the morning. Lo and behold, you have 30 new messages of back and forth between your security team, the sales team, legal, and product — all trying to figure out if various prospects have enough information to complete their security review and move forward in the sales cycle. Questions come from all angles, questions like:
- Did they sign the NDA?
- Have they been sent the most recent SOC 2?
- Do we complete dynamic code analysis? What’s our process?
- Which customer questionnaires are still open/in review?
Basically, it’s a situation of “who’s on first” and your day has just been detoured.
That’s what building customer trust looks like for many companies today — especially companies who are at the beginning of the journey to mature their customer trust program.
More and more, companies are realizing the need to bring security and trust up earlier in the conversation with customers and prospects. Digital transformation is no longer the foundation for competitive advantage — trust transformation is.
One of the best ways to build trust upfront is to proactively share information about your security posture on your website. Some companies have started publishing security pages to list things like compliance certifications, links to white papers, and Frequently Asked Questions. But at Conveyor, we believe this is just the first step. Trust portals are the next advancement in customer trust building.
The difference between a security page and a trust portal
Yes, security and compliance pages are a step in the right direction to being proactive about your trust posture & helping reduce customer security questionnaires. However, even companies with well-documented security pages or ‘trust centers’ on their websites don’t often provide a way to ask questions, access documentation, or self-serve information in real time.
Typically, prospects are routed to a ‘contact us’ form or even to their sales representative to obtain security information. That’s why the security review process can be challenging to manage and time-consuming - i.e. the example with your morning coffee above.
That’s where a trust portal can come in handy.
A trust portal is the best way to centralize and streamline a process that is increasingly critical to closing and retaining business.
So, what is a trust portal and why do you need one?
At Conveyor, we believe a trust portal should be a centralized source for all of your security information to prove your trustworthiness to prospects and customers. It should be 1) easily accessible to customers, 2) your source of truth for internal teams, and 3) easy for you to maintain and keep updated.
Above all, customers should be able to easily self-serve and access what they need to complete their security reviews. This reduces the questions sent to you directly and cuts time spent by your team on answering questionnaires.
A trust portal can look like a secure data room where you house all of your security documents that includes a customer facing answer bank of commonly asked questions.
There are many benefits of a trust portal, such as:
- Having all the data centralized is the best way to keep documents and answers up to date
- Reduce staff burnout from answering the same security questionnaires over and over
- Less delay at the end of the sales cycle
- More efficient process overall and transparency when managing different deals; less back and forth of emails with customers
- Reporting functionality can help you determine where to spend your security efforts (what are customers actually requesting?)
What should be included in a trust portal?
A product overview
An overview outlining different security and compliance domains helps a customer see a holistic view of your security posture - all in one place. It’s like being able to see the buffet before you pick what you want to eat.
Besides giving prospects and customers a sense of confidence in your security efforts, a well-organized view saves everyone time and helps both your internal teams and your customers easily find answers to security questions - speeding up the process overall.
What should be included in an overview?
- A listing of certifications
- A status page
- Your subprocessor list
Secure document sharing capabilities
When customers have the ability to view and download the security documents they need directly from a trust portal, it prevents your team from having to directly manage dozens of customer requests which can be time-consuming and tedious.
What should be housed in a trust portal to be shared?
Vendor review and risk assessment inputs. The top five documents accessed on the Conveyor platform by customers are:
- SOC 2
- Penetration test executive summary
- ISO 27001
- Security program summary
- Business continuity/disaster recovery policy
Which documents shouldn’t be shared widely and should be gated behind access groups?
- Sensitive documents such as more details about the penetration test findings and remediation
- Customer specific documents requested by someone with audit rights
A customer facing security FAQ section
Your customers have questions, and most of the time, they’re all asking the same ones. Curating a customer-facing FAQ list in your portal and enabling your customer to self-serve updated Q&A’s is the best way to alleviate the pain of receiving (and having to answer) the same questions from customers over and over again.
Here’s a list of some good questions we’ve seen our customers have to tackle and how to prepare for them.
Having the ability to track and measure your security efforts can be beneficial for prioritizing security activities and can also help tie your team’s work to deals won. At the end of the day, you are doing this to help grow your business so you should be able to report on the value of your customer trust program and potential influence on deals closed.
Metrics to track:
- Top documents downloaded
- Volume of downloads by customer
- Which customers are accessing which documents
- Which questions are reviewed or accessed the most
- Time it took to complete security reviews tied to deals closed
How do I get started building a trust portal?
So, there’s a hard way and an easy way.
1. The hard “DIY” way.
Many companies today choose to build their own trust portal with their company’s engineering & product resources, but when you think through all of the steps involved to maintain and troubleshoot, it might not be worth the pain involved.
Do you really want your sales engineers running python scripts to watermark documents, your business analysts building workflows to route around request/approvals, and your engineers building request forms? Not to mention having a dedicated person/team to maintain the upkeep of the portal along with any new feature requests your team might need.
There is quite a bit to consider when choosing this route.
2. The easy way: Use Conveyor.
Conveyor is a self-serve security and trust portal built to save everyone time. The platform is both a secure data room where security teams can easily share NDA gated/auto-watermarked security docs and commonly asked Q&As with prospects and a smart knowledge base that helps internal teams find updated answers to questionnaires.
Getting started is simple and takes minutes:
- Set up free room
- Load in the common trust building documents you have such as SOC 2 report, ISO 27001 certification, or any other security report/summary
- Build a knowledge base from recently completed security questionnaires. Don’t have one? Use this free template to get started.
- Augment your public facing security page with a link back to your trust portal - we love what PagerDuty has done.
- Determine how far you will bend over backwards for a customer as you build out your process - see an example of this segmented trust building approach by customer here.
Well-oiled teams and processes around customer trust are the key to success when it comes to scaling your program as your company grows. Trust portals are just one way to delight your prospects and ensure a smooth customer security review process to help move those deals get closer to the finish line.