Lucid prides themselves on excellence in compliance and data security, with strict adherence to industry standards and regulations. Transparently communicating this to prospects during the sales cycle was critical to the team.
“Prospective customers really want to understand how Lucid protects their data before they can sign on the dotted line,” says Derek Gray - Senior Security Analyst at Lucid. “And in the current digital climate, we certainly understand why we are put through a security review as proprietary information flows through our software.”
As Lucid grew, they were receiving about 40 security questionnaires a month from prospects, requiring a team of two analysts to spend the majority of their time on questionnaire completion.
For accounts that met a minimum revenue threshold set by the Lucid team, Sales representatives would forward the customer’s security questionnaire to the security team through Salesforce. The two security analysts would then dig through a knowledge base in an internal wiki to complete the questionnaire.
When they inevitably hit a new question or a need for clarification from another team, they would send a message to a subject matter expert in Slack. However, delays would occur as they waited for the expert to respond. Apart from completing the questionnaires, the analysts were also expected to update and manage the knowledge base.
The average questionnaire consisted of 50 questions and each questionnaire would take on average 2-4 hours to complete.
With an average of 40 questionnaires per month, two full-time team members were tasked with completing 2-3 questionnaires per day to keep up. This left little room for any other work.
"We initially promised sales that each questionnaire would be completed within 1-2 weeks,” says Derek, “However, as you know, every deal for sales is considered a "hot deal," and the sales reps often requested an exception to have their questionnaires done by the next day."
Consequently, the security team also spent time fielding questions from sales about the status of their questionnaires.
It was a Catch-22: the security team didn’t want to delay deals from progressing, but also had other security related activities to consider. “It was frustrating for our security analysts,” Derek said. “It felt like all they ever did was security questionnaires.”
Because of the manual nature of the work, the fact that it was taking away from other security activities, and worries over burnout and retention, Derek and his team started a months-long search for the right solution to automate questionnaire completion for Lucid.
The team was initially looking only for a trust portal, as they thought this would be a good way to deflect questionnaires.
After further investigation and a proof of concept with another solution, they realized that the core of their problem was actually completing the questionnaires and decided to pursue a questionnaire automation solution, with the trust portal as a ‘nice to have’.
Why the shift?
“Ultimately, we don’t think questionnaires will just go away,” noted Derek. “Even if we can reduce the volume of questionnaires that come in, we know that if we want to grow exponentially, we will still get more and more as many customers require them now as part of their purchasing process.”
When looking at solutions, speed and accuracy were paramount.
The main requirements for Lucid were:
Lucid was initially interested in Conveyor because it was the only solution using the latest in AI technology to tackle the questionnaire problem. The team entered into a ‘proof of concept’ to see if Conveyor’s GPT-questionnaire response tool could deliver on Lucid’s goals.
The Conveyor team helped Lucid set up a knowledge base by importing their questions and answers from their internal knowledge base.
With accuracy as a main concern, Lucid brought specific metrics that the Conveyor team helped them test against, such as time per question. Their baseline was 4 minutes per question - including time it took to answer, review, format, and put back into the original file.
Because Conveyor’s GPT-response tool could auto-generate answers based on their knowledge base, Lucid would remove answers out of past completed questionnaires and run the questionnaire through Conveyor’s tool to test against previously validated answers.
At first, Lucid was skeptical that Conveyor would be able to ingest the ‘ugliest’ formats of questionnaires (complex excel sheets, word documents, etc) and they were impressed to see that the ‘Import questionnaire’ feature worked seamlessly.
In the first round of testing, Conveyor was able to bring the time spent on each question down from 4 minutes per question to 45 seconds per question - an 83% decrease in time.
“We were excited,” said Derek, who was down a team member when the POC started and feeling the crunch. “It was a huge relief to see the tool perform in the way we were hoping.”
After several rounds of thorough testing, which saw similar results across the board, Lucid was able to make the business case to leadership that Conveyor’s platform wasn’t going to be just another piece of shelfware. The POC gave them confidence that they would get value from the platform on Day 1.
In addition to the quantitative measures of value, Derek also noted another reason Lucid chose Conveyor as a partner. “We see a lot of Lucid in Conveyor in how we roll out new features and innovate rapidly. The culture of continuous improvement and promptly incorporating customer feedback is deeply ingrained in Lucid, and it was icing on the cake to see firsthand during the POC that Conveyor shares the same dedication to advancement and innovation.”
After seeing an 83% decrease in time spent on questionnaires just in the POC, the team was "excited". Lucid was able to make the business case to leadership that Conveyor's platform wasn't going to be just another piece of shelfware.
Lucid was able to onboard their team quickly since they had already set up their knowledge base during the proof of concept.
Once implemented, they were actually able to beat the results they saw in the proof of concept with notable improvement – from 4 minutes down to 22 seconds per question which reflected a 91% reduction in time spent on questionnaires.
Other “quality of life” improvements to the process were:
The success of the tool has garnered attention from other departments; for example, Lucid’s legal team is now exploring adding privacy content into the knowledge base for their team to use.
In addition to deploying Conveyor’s GPT-questionnaire automation tool, Lucid has also rolled out their Lucid-branded trust portal using Conveyor - which now includes the ability to let their customers upload questions to get instant answers generated from Lucid’s knowledge base content.
They are currently in the process of testing and cleaning up content before rolling out this feature for customers and are excited about the possibility of giving customers a fully automated security questionnaire solution.
“Conveyor is a great tool. It has removed us as the bottleneck on sales deals while also giving time back to focus on parts of the ISMS which is so necessary in today’s modern, rapid environment. We understand that there will be more customers and questionnaires and that’s where Conveyor’s roadmap & new feature set impresses us. We can’t wait to spin up the feature to enable our customers to upload their own questions for instant answers,” says Derek.
He continues, “We’d love to get to a point where we don’t have to touch a questionnaire, but the customer can still get all the information they need to complete their review instantly. The idea that something like that can exist would have been science fiction a year ago. With Conveyor, it’s a reality.”
Once implemented, they were actually able to beat the results they saw in the proof of concept with notable improvement – from 4 minutes down to 22 seconds per question which reflected a 91% reduction in time spent on questionnaires.
“We would absolutely be underwater without Conveyor,” says Derek. “It is important for security teams to have a reliable tool to reduce time spent on customer questionnaires. It frees us up to do the important security activities needed to grow and sustain our business – things today like creating sustainable working policies on AI or assessing vendor’s AI capabilities. If we lost Conveyor, it would grind security to a halt.”
"We’d love to get to a point where we don’t have to touch a questionnaire, but the customer can still get all the information they need to complete their review instantly.
The idea that something like that can exist would have been science fiction a year ago. With Conveyor, it’s a reality.”
