Case Study

Lucid Software spends 91% less time on security questionnaires with Conveyor

“We would absolutely be underwater without Conveyor. It is important for security teams to have a reliable tool to reduce time spent on customer questionnaires.

It frees us up to do the important security activities needed to grow and sustain our business [...] If we lost Conveyor, it would grind security to a halt.”
Derek Gray
Sr. Security Analyst
ABOUT LUCID SOFTWARE
As a leading provider of visual collaboration solutions, Lucid helps teams see and build for the future with their innovative products: Lucidchart, Lucidspark, and Lucidscale. Their mission is to enable seamless visual collaboration for teams, no matter where they are located. With a global presence and an impressive customer base including Google, GE, Atlassian, and Microsoft, Lucid is known for their commitment to excellence both for their customers and in everything they do.

The "Before Conveyor" times

Lucid prides themselves on excellence in compliance and data security, with strict adherence to industry standards and regulations. Transparently communicating this to prospects during the sales cycle was critical to the team. 

“Prospective customers really want to understand how Lucid protects their data before they can sign on the dotted line,” says Derek Gray - Senior Security Analyst at Lucid. “And in the current digital climate, we certainly understand why we are put through a security review as proprietary information flows through our software.”

As Lucid grew, they were receiving about 40 security questionnaires a month from prospects, requiring a team of two analysts to spend the majority of their time on questionnaire completion.

What did the process look like?

For accounts that met a minimum revenue threshold set by the Lucid team, Sales representatives would forward the customer’s security questionnaire to the security team through Salesforce. The two security analysts would then dig through a knowledge base in an internal wiki to complete the questionnaire.

When they inevitably hit a new question or a need for clarification from another team, they would send a message to a subject matter expert in Slack. However, delays would occur as they waited for the expert to respond. Apart from completing the questionnaires, the analysts were also expected to update and manage the knowledge base.

Tedious, time-consuming work

The average questionnaire consisted of 50 questions and each questionnaire would take on average 2-4 hours to complete.

With an average of 40 questionnaires per month, two full-time team members were tasked with completing 2-3 questionnaires per day to keep up. This left little room for any other work.

"We initially promised sales that each questionnaire would be completed within 1-2 weeks,” says Derek, “However, as you know, every deal for sales is considered a "hot deal," and the sales reps often requested an exception to have their questionnaires done by the next day." 

Consequently, the security team also spent time fielding questions from sales about the status of their questionnaires.

It was a Catch-22: the security team didn’t want to delay deals from progressing, but also had other security related activities to consider.  “It was frustrating for our security analysts,” Derek said. “It felt like all they ever did was security questionnaires.”

Because of the manual nature of the work, the fact that it was taking away from other security activities, and worries over burnout and retention, Derek and his team started a months-long search for the right solution to automate questionnaire completion for Lucid.

Need for speed… and accuracy

The team was initially looking only for a trust portal, as they thought this would be a good way to deflect questionnaires. 

After further investigation and a proof of concept with another solution, they realized that the core of their problem was actually completing the questionnaires and decided to pursue a questionnaire automation solution, with the trust portal as a ‘nice to have’.

Why the shift? 

“Ultimately, we don’t think questionnaires will just go away,” noted Derek. “Even if we can reduce the volume of questionnaires that come in, we know that if we want to grow exponentially, we will still get more and more as many customers require them now as part of their purchasing process.”

When looking at solutions, speed and accuracy were paramount. 

The main requirements for Lucid were:

  1. At least a 50% improvement in their speed of questionnaire completion to get leadership buy-in.
  2. Accurate answers with limited hallucinations by the AI
  3. The ability to review and correct answers before sending back to the customer

At least 50% improvement in speed of questionnaire completion

Accurate answers with limited hallucinations by AI

Ability to review and correct answers

Rigorous testing during free proof of concept

Lucid was initially interested in Conveyor because it was the only solution using the latest in AI technology to tackle the questionnaire problem. The team entered into a ‘proof of concept’ to see if Conveyor’s GPT-questionnaire response tool could deliver on Lucid’s goals.

The Conveyor team helped Lucid set up a knowledge base by importing their questions and answers from their internal knowledge base. 

With accuracy as a main concern, Lucid brought specific metrics that the Conveyor team helped them test against, such as time per question. Their baseline was 4 minutes per question - including time it took to answer, review, format, and put back into the original file.

Because Conveyor’s GPT-response tool could auto-generate answers based on their  knowledge base, Lucid would remove answers out of past completed questionnaires and run the questionnaire through Conveyor’s tool to test against previously validated answers.

At first, Lucid was skeptical that Conveyor would be able to ingest the ‘ugliest’ formats of questionnaires (complex excel sheets, word documents, etc) and they were impressed to see that the ‘Import questionnaire’ feature worked seamlessly. 

Proof of concept results

In the first round of testing, Conveyor was able to bring the time spent on each question down from 4 minutes per question to 45 seconds per question - an 83% decrease in time. 

“We were excited,” said Derek, who was down a team member when the POC started and feeling the crunch. “It was a huge relief to see the tool perform in the way we were hoping.”

After several rounds of thorough testing, which saw similar results across the board, Lucid was able to make the business case to leadership that Conveyor’s platform wasn’t going to be just another piece of shelfware. The POC gave them confidence that they would get value from the platform on Day 1.

In addition to the quantitative measures of value, Derek also noted another reason Lucid chose Conveyor as a partner. “We see a lot of Lucid in Conveyor in how we roll out new features and innovate rapidly. The culture of continuous improvement and promptly incorporating customer feedback is deeply ingrained in Lucid, and it was icing on the cake to see firsthand during the POC that Conveyor shares the same dedication to advancement and innovation.”

After seeing an 83% decrease in time spent on questionnaires just in the POC, the team was "excited". Lucid was able to make the business case to leadership that Conveyor's platform wasn't going to be just another piece of shelfware.

Life after Conveyor = Security questionnaires automated

Lucid was able to onboard their team quickly since they had already set up their knowledge base during the proof of concept.

Once implemented, they were actually able to beat the results they saw in the proof of concept with notable improvement – from 4 minutes down to 22 seconds per question which reflected a 91% reduction in time spent on questionnaires.

Other “quality of life” improvements to the process were:

  1. Smoother workflow - since Conveyor’s platform auto-populates any questionnaire that’s uploaded, the team can now ‘tee up’ several questionnaires in the platform at once and have the difficult step of populating answers done. This has been tremendously helpful for Lucid during the busiest times at the end of the quarter as questionnaires are simply filled with answers and ready for review soon after they are uploaded.
  2. Noticed a decrease in turnaround times and decrease in follow up from sales reps as the security team was beating their SLAs 
  3. Team members who were on leave were able to jump right back in to the new process and learn the tool easily

The success of the tool has garnered attention from other departments; for example, Lucid’s legal team is now exploring adding privacy content into the knowledge base for their team to use.

"Solving the problem in an innovative way"

In addition to deploying Conveyor’s GPT-questionnaire automation tool, Lucid has also rolled out their Lucid-branded trust portal using Conveyor - which now includes the ability to let their customers upload questions to get instant answers generated from Lucid’s knowledge base content.

They are currently in the process of testing and cleaning up content before rolling out this feature for customers and are excited about the possibility of giving customers a fully automated security questionnaire solution.

“Conveyor is a great tool. It has removed us as the bottleneck on sales deals while also giving time back to focus on parts of the ISMS which is so necessary in today’s modern, rapid environment. We understand that there will be more customers and questionnaires and that’s where Conveyor’s roadmap & new feature set impresses us. We can’t wait to spin up the feature to enable our customers to upload their own questions for instant answers,” says Derek. 

He continues, “We’d love to get to a point where we don’t have to touch a questionnaire, but the customer can still get all the information they need to complete their review instantly. The idea that something like that can exist would have been science fiction a year ago. With Conveyor, it’s a reality.”

Once implemented, they were actually able to beat the results they saw in the proof of concept with notable improvement – from 4 minutes down to 22 seconds per question which reflected a 91% reduction in time spent on questionnaires.

What would a world without Conveyor look like for Lucid?

“We would absolutely be underwater without Conveyor,” says Derek. “It is important for security teams to have a reliable tool to reduce time spent on customer questionnaires. It frees us up to do the important security activities needed to grow and sustain our business – things today like creating sustainable working policies on AI or assessing vendor’s AI capabilities. If we lost Conveyor, it would grind security to a halt.”

"We’d love to get to a point where we don’t have to touch a questionnaire, but the customer can still get all the information they need to complete their review instantly.

The idea that something like that can exist would have been science fiction a year ago. With Conveyor, it’s a reality.”

Derek Gray
Sr. Security Analyst
Let's Get You Started

Make life easier for both your customers & your teams