Wielding the power of compliance to build trust with customers and prospects

Rob deJuana-Matthews (00:00):

Welcome everyone. Let's get started with some introductions. I'm Rob deJuana-Matthews, Senior Product Marketing Manager here at Conveyor and joined by Kyle Taylor, our Product Manager for Rooms. Welcome to "Wielding the Power of Compliance to Build Trust with Customers and Prospects." Thanks for taking time out of your day to join us, and Kyle, a special thank you to you for joining me today.

Kyle Taylor (00:24):

Yeah, thanks, Rob. I'm really excited to talk about customer trust today. Really, our overall mission here at Conveyor is to build trust on the internet and to that end, we help companies run their security and compliance programs, but more importantly, we help companies like yours and those here, who are getting dozens of requests to prove security compliance with their customers. And we know that building customer trust is essential, but can be a difficult part, to building trust on the internet. So yeah, as much as we can talk through that process and help you streamline that, that's kind of what we're looking to do today.

Rob deJuana-Matthews (01:05):

Yeah, and over the years, it's actually become more difficult to prove security and compliance posture. And that's because what used to be an enterprise conversation has moved into the mid market. Now companies like yours are getting dozens of requests for security documentation and follow-ups with the dreaded security questionnaire every week. But in an ideal world, building customer trust is a simple conversation. It just makes us all more secure. But what we have right now is kind of a burdensome process. So in today's webinar, we're going to share what we've found as we've worked to make this process better.

Rob deJuana-Matthews (01:45):

So, a few housekeeping items before we get going, we're not going to just talk at you for 45 minutes. So at different points throughout the presentation, we'll be asking you some questions via our poll feature to capture your feedback, because we want to know how you're dealing with these challenges and what you're doing to solve them. We'll also make sure that we have about 10 minutes for Q and A at the end, so as we go along, if you have any questions, please put them in the Q and A tool. And the reason why we use the Q and A tool is so that if the questions run long, we don't get to all of them, we can get back to them via email afterward.

Rob deJuana-Matthews (02:19):

So, just to go over the agenda real quick, we're going to talk about the state of customer trust as it is today. What customer trust can look like and how we're streamlining building customer trust with Conveyor Rooms. And as I said, we'll have some time for Q and A at the end, so let's get started and talk about where we are today and where we are today is, from a customer trust perspective, a result of the ever evolving state of security. A few years ago, on-prem was the default where all of your data was behind a firewall. And it didn't matter what you installed, because you controlled the security and that made your security story very easy to tell. It was, "Here's the security of our system, data never leaves our system." That's it.

Rob deJuana-Matthews (03:08):

Later as you moved to a hybrid model, some data was outside of the system, but it was still very easy. You said, "Critical data is here, it's protected and this is what we do to protect it. It's only non-essential, non-critical data that is in someone else's system." But that is no longer the case. The cloud-based delivery model has become the standard, so customer data, internal data, all of that is now on someone else's system, so it's introduced a heavy responsibility to prove trust. Prospects are asking more questions and what they're asking for is more involved. So, Kyle, why is this? Why has it become so hard to prove customer trust?

Kyle Taylor (03:49):

Yeah, I mean, you touched on it a bit. With the growth of the cloud, more and more companies are exchanging data with one another and customer trust is more important, and like you've mentioned, in some ways harder to achieve than ever. When customers want to know what sort of risk they're being exposed to by doing business with you and engaging with you, the way they figured that out is kind of twofold, right?

Kyle Taylor (04:14):

The first is, they consume security and compliance documentation like audit reports or compliance reports or maybe information surrounding your policies. And the second is, that they send you security questionnaires. And we've all been on the receiving end of those, I know, Rob, you were kind of grumbling earlier, you and I have both spent our fair share of time answering those in a past life. Really, so to build trust, you need to come up with solutions for each of those problems. For this webinar, though, we're going to focus really on that first problem, which is sharing and streamlining the way that you share security and compliance documentation with your prospects during the sales cycle, because as we talk about later, being proactive in the first step, can often decrease the amount of time a company spends on the second problem, the security questionnaires.

Rob deJuana-Matthews (05:16):

Yeah, and as Kyle said, to preempt or at least reduce some of those security questionnaires, companies have been leaning on publicly sharing their security and compliance posture in trust pages on their marketing sites. So what you're looking at right now is Slack's trust page, which is kind of one of the best practice pages and they're displaying the frameworks where they passed audits and they're going into more depth.

Rob deJuana-Matthews (05:42):

So they're giving details about what they do around data protection and physical security and that's great and for some companies that will be enough, but others are going to look at this and say, "I'm glad you have this, thank you, but I need to know more." And so, this is kind of what more looks like, but Kyle, before you get into that, we want to ask a quick poll question. How many people are involved in distributing security documentation at your company? And as you answer that poll question, Kyle, what is this? What's going on here?

Kyle Taylor (06:23):

Yeah, companies that pursue compliance programs like SOC 2 or ISO or HITRUST, they need to distribute documentation to their sales prospects in a secure, confidential way. And this problem sounds simple on the surface, but when we're talking to customers and companies, they're realizing that there's a lot of steps in this process and this flow chart kind of walks you through all of those. You have to create and organize those documents, make sure an NDA is in place before you exchange any of those documents.

Kyle Taylor (06:59):

There's watermarking to prevent fraud sharing, making sure sales is sharing the most up-to-date documents and then making sure all of this has an audit record in place between all the teams and steps. But the bottom line is that each manual step needed to fulfill a request, really slows down the sales cycle. It makes distribution harder and it just takes time for all the team members involved.

Rob deJuana-Matthews (07:26):

Yeah, and for most companies, there are 12 steps to fulfilling documentation requests. You may have a few more, or hopefully a few less, but generally, you're looking at about 12 and I'm not going to go through each step here since you live this and Kyle's already talked to some of those steps. But if we take a step back and we look at this process in its entirety, it's spread across four to five teams. And so, you're talking about members of the sales team, security, legal, customer support and success, sometimes compliance, or most of the time compliance, but sometimes compliance and security are separated. So, aside from having a lengthy process, you're touching multiple departments that have different workflows that they manage in different tools. And this is where you start to see added complexity below the surface and that complexity ends up costing time.

Rob deJuana-Matthews (08:24):

The ideal is that you want to get from the prospect requesting a document from sales to them saying they have enough information and they're satisfied enough to move forward. And you want to do that as quickly as possible. And that's illustrated by these two white boxes that we have and the yellow line between them. But what's actually happening is that you're going through everything around it, you're going through the 12 step process that has a lot of pitfalls along the way where things can get stuck or lost. What we found as we've talked to customers, prospects and analysts, is that this process on average ranges from days to weeks.

Rob deJuana-Matthews (09:01):

In the best, most optimized process, you might be able to get through it pretty quickly, which is about five days and that's pretty good, but there are a number of companies out there that are doing it in about 16 days. And this doesn't scale for a number of reasons, but the first and most important is that it's slowing down sales. But, Kyle, can you talk about what this process and the effect it's having on sales is doing to the way compliance teams are viewed?

Kyle Taylor (09:30):

Yeah, perhaps the biggest problem with the way companies currently run the process is that it really makes compliance and security feel like a cost center, right? And so, in other words, it feels like it's just getting in the way of closing more deals. And we want to help to fix that, because security and compliance are an important part of your business. We want to allow you to see how companies interact with your security and compliance documentation, but we also want to streamline and automate as much of the process as possible.

Kyle Taylor (10:01):

And in turn, this will reduce the sales cycle and really overcome that cost center narrative that we bump into a lot in the industry. Beyond that, it just frees up time for your organization. Rob was showing us this flow of the 12 steps that companies typically go through and these are the different teams that are involved in that process. It shows a list of those teams and the more time you can get these teams to focus on their core work and not on security and compliance documentation requests, the better, and we're trying to help in that regard.

Rob deJuana-Matthews (10:42):

Yeah, and I think that some people might ask, "Well, why can't they just do that work as well?" Well, it's because tracking and managing all of these customer and prospect requests and making sure that everything is flowing properly and that everything's at the right status is a huge distraction. But what does this process and all of these distractions mean from a numbers point of view? Well, we took a survey of B2B SaaS companies between 50 and 5,000 employees. But before we get to what we found, it's time for another poll. How many hours does your team spend a month on security document distribution? While you answer that, we found on average that companies were spending 35 hours a month. And some of you may say, "Wow, that sounds horrible." And others may say, "I wish it was that little amount of time."

Rob deJuana-Matthews (11:38):

The thing is, we were asking people what they were spending across their entire organization, so we wanted to get a better picture of what it was costing the entire company. So maybe you're spending 20 hours in the security and compliance team going through this process, but then all of the other teams in aggregate are spending about 15, so this is accounting for everybody. But we did also want to focus on what the compliance team is feeling and how the numbers changed as teams grew and the number of prospects they engaged with scaled. And what we found was actually surprising. Teams of two to four, we're spending about 26 and a half hours per month on distributing on security document distribution. But as they doubled the team size, the amount of hours quadrupled to 100. Kyle, why do you think that is?

Kyle Taylor (12:36):

Yeah, what we're seeing as we've gone out and talked with companies, is that when these companies scale, obviously their customer trust program has to scale as well, right? The way they deal with it is by hiring more people. In business school, professors often refer to this as a body shop, meaning when your processes don't scale exponentially and you just need more bodies to get the job done. So when you do this, you don't really see a time savings or cost savings at these larger companies that are fielding more and more of these documentation requests. So, our goal is really to provide you with a process that scales with your company and doesn't require you to hire more and more people to keep up with it.

Rob deJuana-Matthews (13:21):

And not to put too fine a point on it, but what Kyle just said about a process that scales with your company is really important. One of the people we talked to during our survey was the head of security at a large project management company and his company has scaled much quicker than his team has and his process hasn't really scaled that much at all. And so, what's happened with him is that he has a four person team that is now spending 100 hours a month on distributing security documentation and that's rough. And their biggest challenge that they said that they're having is that they're coordinating back and forth with sales. And that's understandable considering, to get to 100 hours a month, your sales team's probably cooking. But although it's an unfortunate position to be in, it's easy to understand when you think about how quickly growth happens at a company that finds product market fit and how prospects approach evaluating your security posture.

Rob deJuana-Matthews (14:25):

So, if we think back to the example of Slack's trust page that we talked about a little while ago, where we said it was sufficient for a number of companies, but others will ask for more, you start to get this picture of what we call the security satisfaction funnel. And as we talked to customers, prospects and analysts, we came to realize that on average, 50% of your customers will be satisfied with the information on a best practice trust page. Their security management program doesn't require them to ask more questions. But 30% will say, "Okay, well, once I have these security documents that I'm requesting, that's good, I'm happy." And then, 20% will see that security documentation and say, "You know what? I still need more information, so here's the dreaded assessment." But that's if you have a good process in place for providing that security documentation quickly and easily. If you don't, that number could be a lot higher.

Rob deJuana-Matthews (15:31):

And to put it in perspective, one of the companies that we talked to during our survey has implemented a method of sharing security documentation that's pretty good and they said that only 10% of their customers ended up issuing them a security questionnaire. So between the public trust posture share, which is, "Here, these are the compliance frameworks that we pass audits for and here's our documentation," 90% of the customers that they dealt with were saying, "Cool, I'm ready to move forward." So, you're starting to see that if you start implementing this process and you start getting this right, what this could look like. And so, let's talk about it. Kyle, what can this be?

Kyle Taylor (16:17):

Yeah, I mean, really what we're trying to avoid, like we've talked about, is the situation we see all too often, and that's kind of highlighted in the green bar with the traditional more manual processes of sharing documentation back and forth. And really, as your company scales your customer trust program and time spent on it scales exponentially. So, we know the time will inevitably increase, but with more automated methods and a better process, we're shooting for something that looks a little bit more like the orange line. And you can imagine the several benefits, both from a time savings and cost savings perspective, that it would give your team and company if you're able to achieve that.

Rob deJuana-Matthews (17:04):

Yeah, and so, those time and cost savings Kyle was talking about, they come from simplifying the process. And by that I mean, you want to have a single place where you can store and share your security documentation. But before we go into that a little more, how many days does it take for your team to go through the process of document distribution? And so, to get back into what simplifying the process looks like, when you're doing this, it's turning things into a one-to-many solution. So, you upload the documents once and sales gets their request and they're able to just share a link with prospects that allows them instant access to the documents that they need.

Rob deJuana-Matthews (17:53):

So, you're turning what was taking weeks into minutes, so 16 days might take 30 minutes now and there's a huge benefit to that. That means that there's no more follow-up. You've eliminated the back and forth between you, your team members and prospects and when prospects can easily find the documentations relevant to them and get instant access to that, you've eliminated the chance for human error. So, your team members are no longer building bespoke compliance packets, so there's not a chance that they might forget to include a document that's really important and you're no longer searching through really long email threads, trying to track down statuses and prevent misunderstandings or miss requests. So, you're ensuring that prospects are always getting the most up-to-date documentation in the most efficient manner possible. And what's even better, is that you can quickly and easily see what documents prospects have and what they still need.

Rob deJuana-Matthews (19:01):

So, now that we've talked about some of the other benefits, how does this new state of customer trust benefit you specifically, the compliance team members? Well, Kyle spoke earlier about how compliance isn't a cost center, we know that. We actually know that it's a growth driver. And now, with [inaudible 00:19:21] customer trust, you're able to measure that. You're able to measure the impact that it's having on business growth. You can get insight into which certification prospects value most. You can say, "Hey, companies in the healthcare vertical aren't really viewing any documents around HIPAA that much, because they don't care. It's table stakes now. What they are asking for and what they are viewing is high trust."

Rob deJuana-Matthews (19:44):

You can see if companies are viewing your security white papers more than your SOC 2 reports, you can see that your pen tests are really important, or maybe your incident reports are allowing people, once they see that, they're able to move forward. So you can show that your security is actually driving sales and you're able to invest in more of that. So essentially, you get the data to prove to leadership that compliance is driving the business. It's not a cost center that's costing the business money, it's actually helping the business close deals. And, Kyle, there's another benefit to this, there's something else beyond this. Why don't you tell us about that?

Kyle Taylor (20:26):

Yeah, for sure. It's one thing to share documentation and improve that process in order to close a deal, but with the things that we're working on, product that we're working on and that we've built, you can actually go one step further and keep your customers up to date after the sale as well. So, you've got this single portal where they can view documents. You can push updates to customers in a single click. You can add customers to access groups based on frameworks or their needs and then whenever you update those, customer success doesn't have to figure out who they need to reach out to, the system does it for them automatically.

Kyle Taylor (21:09):

So, you engage one time during the sales cycle with a customer and get them in on the platform and then they get a tailored experience for the life of the relationship with your company. And we found that being proactive about sharing security and compliance documentation with your current customers, actually helps improve your renewal rates. And so, that really can't be understated, right? We're really taking what has been viewed as a cost center, as something that's helping drive growth and customer retention by continually keeping your customers in the loop with how you're doing from a compliance and security standpoint.

Rob deJuana-Matthews (21:52):

Yeah. And so, we've been talking about all of this and what it can be. And of course, this is not a speculative conversation, you wouldn't be here if it was. We built a solution that gets you to that ideal world, and I'm really excited about it, but of course, I'm the product marketing guy, I'm supposed to be, I know. But I really, really am. And so, Kyle, I guess now's the time for us to show them what we're so excited about, so, demo time?

Kyle Taylor (22:19):

Yeah, let's dive in. So, here's this product and we're calling it Rooms. It lives within Conveyor and it really is a portal for you to share your security and compliance documentation and other security artifacts with sales prospects and current customers. The first thing I want to point out is that Rooms itself is completely branded to your company. You can change colors and upload your logo so that the look and feel of it feels like your company. But then, we start to dive in and see that you can create documents, you can create folders for those documents to live in. And what's really important is you can really fine tune the access of all of this, right?

Kyle Taylor (23:08):

Maybe you have an important customer that's doing a customer led audit with you and you have got specific documents for that customer and for that customer only. You can create a folder, put those documents in there and then only exchange that data with that particular customer. Maybe you've got some policy documents or some documents that all users that you invite to your room can access. Maybe you've got an overview document that anyone that has access to your room can access, but there are more sensitive things like penetration tests and others that might require special access granted by you. So we allow for that flexibility of being able to provide things to everyone who comes in and then have a select group of documents that's set apart.

Kyle Taylor (24:03):

So, that's great, that's all good, but we make sharing your room pretty easy. You can invite individual contacts and then fine tune the access that they have, where you can also share via a link, right? We've given you this unique link and that allows people to self-serve and request access to your room. So what we're seeing is we're seeing these larger companies that are fielding a lot of requests, actually put a link to this request form on their trust and security page and then prospects can come in, request access, include a message and all of those access requests have to be approved by you. But once they do, they are now granted access to the room and they can see all the documents that you've agreed to show them. And so, that takes out so many steps if you've got like a single source or single link that you can send all prospects to and funnel all the requests into.

Kyle Taylor (25:09):

Beyond that, we thought through a few things that, when we go through that 12 step workflow, we're trying to do as many of those steps for you as we can. And one of them is the NDA. With the NDA, we provide a couple options. You can have a click through, click wrap NDA. We also integrate with DocuSign. And so, if your company uses DocuSign, you can integrate that DocuSign NDA directly with your room and people have to go through that signing process before they have access. This just makes sure that everyone who comes into your room has the NDA in place and that you're all set to go there as well. Beyond the NDA, anytime someone downloads a document, it's automatically watermarked with their email and the date. It watermarks all the pages for you, you don't have to think about it. And so, that's a nice feature that comes baked in with Rooms, as well as document versioning.

Kyle Taylor (26:17):

So, anytime you make an update to a document, upload a new version, we keep all the versions in history for you, which is a nice feature for you to see which documents go through different iterations, who saw which version of the document and you can imagine some of the benefits there. But one important thing that we're doing is, we're tracking, one, an audit log on everything that happens in your room, but also we're tracking metrics. And this is a demo account, but you can imagine, as you invite more and more prospects, you can start to see, "Okay, which documents are getting downloaded the most? Is our SOC 2 worth the effort required every year to keep it active?" And this helps you have meaningful conversations with your executive team and others at the company that are asking about, "Okay, what good are these compliance frameworks for us?"

Kyle Taylor (27:16):

We also keep track of individual accounts that download those documents and interact with them. And so, you can imagine a member of your sales team coming to you and saying, "Hey, this deal with this company seems stalled, can you let me know if they've gone in and actually accessed any of the documents? I know I've sent over the link." And you can kind of see those insights into some of those things more easily, because it's being all tracked through Rooms. Instead of doing the usual diving through email threads, you're able to find it all in one spot. And so, those are some of the key benefits. You can collaborate with members of your team, you can fine tune access, revoke access at any time, set up access groups depending on folders and documents and then also keeping track of NDAs, who has access, what metrics, which documents have been downloaded by who? All in one space.

Kyle Taylor (28:19):

And what we found is that this is dramatically improving the processes for these companies that are fielding dozens of these requests per week. And maybe you're not quite there yet, but putting this in place will help you when you scale to let the process scale with you rather than becoming really, a bottleneck. And so, Rob, that's the demo, I want to make sure we've got time for some Q and A and to answer, so I'll go ahead and stop sharing my screen. But yeah, thanks for giving me the time to share a product that's close to my heart that we've been working on and that a lot of our customers have found to be really beneficial.

Rob deJuana-Matthews (29:18):

Thanks, Kyle. Yeah, that is very, very exciting. And what you're starting to see is that, although achieving customer trust has never been harder, we're working every day here at Conveyor to make sure that with Conveyor, it's never been easier to do. And so, we really do, like Kyle said, want to make sure that we have time for Q and A, so if you put your questions in the Q and A tool, we'll start getting... Okay, we've got some. Okay, so Kyle, someone asked, we time box our prospect's access to certain documents. Is it possible to revoke a user's access in Rooms after a certain amount of time?

Kyle Taylor (30:14):

Yeah, so at any time you can revoke anyone's access. And if you've got certain amounts of time that you need to do that, we can handle any of those. Some people like to give access for a week, some people like to give access for a month and we let you fine tune when you give and revoke that access, so that's a great question.

Rob deJuana-Matthews (30:40):

Okay, we have another. Is there a benefit of having the customer resign the NDA?

Kyle Taylor (30:48):

Yeah, so there's a few ways we can handle this. If you've already got a signed NDA for a customer, we actually have a spot in the tool where you can bypass the NDA requirement for a given prospect. So maybe you've already got a relationship in place with the current customer and you're giving them access to a room, then you can give them access to the room... Sorry, I got a little distracted. You can actually approve that request without their NDA requirement. And so, we found that some companies, for the vast majority, they like the tool to handle the NDA for them. And for others, they like to bypass that, because they've already got a relationship in place, so that's a great question.

Rob deJuana-Matthews (31:53):

Give me one second. Kyle, I think... Yes, I have another question. Can auditors also benefit from Rooms?

Kyle Taylor (32:11):

Yeah, so that's a really good question and one that we've talked through quite a bit. So there are a few cases where Rooms have beneficial outcomes in audits. One is customer led audits, maybe have a few VIP customers that run audits of their own and you need to share documentation with them. You can create a folder for that and share those documents with only those prospects or only those customers.

Kyle Taylor (32:42):

You can do the same thing with auditors. The Conveyor tool has an audit module where you can upload evidence request lists and other things, but you can also use Rooms to share any documentation or evidence with your auditors. And because we allow you to fine tune access, you're able to determine which of those auditors have access to the folder and those documents that you put in there. So yes, we've seen people use it for customer that audits, for auditors, and for just sharing with their prospects and customers as well.

Rob deJuana-Matthews (33:22):

I have one more here. On the customers page, do you have the ability to search for a specific customer or user?

Kyle Taylor (33:32):

Yeah, so when you are on the customer page and you're seeing who has access, you can easily search for specific customers, specific users, see which accounts have downloaded what documents and how many times they've interacted or downloaded those documents. And so, we fine tune to an individual email level, all of those metrics and behaviors, so it's a great question. And that's one of the things that our customers have liked about the tool, is to not only see the accounts that are accessing it, but the individual email addresses and the individual people that are accessing it as well.

Rob deJuana-Matthews (34:16):

We had another question about the poll responses, and so, one of the polls, how many days it takes for your team to go through the process of document distribution? 75% of people said that it's about one to five days. And then, 25% said, of course, six to 10. So, Kyle, what do you think about that?

Kyle Taylor (34:45):

Yeah, it's interesting, we see all across the spectrum. One of the cool things that we saw when we first started using Rooms was, when we built the self-serve request page, there was an instance where a company that's processing lots of these requests had a customer that went in and requested access to their room. And that request sends out an email to their team. They fielded that request, they approved it within a minute or two and within a few minutes that customer had come in and download documents. And so, when we're talking about days and weeks condensed down into short amount of time. We've seen it time and time again, of just compressing the sales cycle and giving the people the documentation they need in the moment that they need it, really helps reduce a lot of that friction. And we've seen it work time and time again, it's really exciting to see when it does.

Rob deJuana-Matthews (35:52):

So, for the second poll, how many hours does your team spend a month on security document distribution? We had 60% say that they spent 11 to 25 hours per month on security and document distribution. We had 20% who said that they spent 10 or fewer and we had another 20% who said they were at 26 to 50. So, Kyle, what's your take on that?

Kyle Taylor (36:24):

Yeah, I mean, I think that's in the realm of what we've seen as we've talked to a broader group of companies and customers, right? I think, Rob, the average we had was around 32 hours. And for those that are spending less than 10, one, I'm really happy for you. And two, hopefully we can put a process in place so that, as more and more of those requests flood in, the numbers don't exponentially increase. And to put document distribution and sharing kind of on autopilot and automate it, will prevent that from happening. So if there's anything that we can do to cut down on that time, that's what we're interested in doing, for sure.

Rob deJuana-Matthews (37:13):

And for the first poll, how many people involved in distributing security documentation at your company? We had 80% who said three to five and we had 20% who said one to two, so that's kind of in line with what we were thinking before as well, right?

Kyle Taylor (37:31):

Yeah, for sure. And that team of three to five, beyond that often is different people at the company that you have to pull in. Maybe they're not a core part of the process, but if you're having to pull them in and get feedback from team members outside of that core team of three to five, that's also time savings as well, so that fits well in line with what we've heard in the market of those team sizes, so that's good to know that the data's matching up there.

Rob deJuana-Matthews (38:08):

All right. Well, I think that is it for Q and A. We are going to be able to give you back about four minutes in your day, so thank you very much for joining us and for taking the time out of your day. And if you have any other questions or anything else, please feel free to get in touch with us.

Kyle Taylor (38:31):

Appreciate it. Thanks, Rob. Thanks, everyone.

‍