If we’re being honest, vendor assessments aren’t fun for anyone involved, especially if your company is using an outdated, mostly manual, spreadsheet-based solution that forces you to spend hours chasing down vendors or responding to questionnaire requests. Luckily, there have been significant advances in the vendor assessment space in recent years, but there’s still a lot of room for improvement.
The future of security reviews is the Zero-Touch Assessment. If you are unfamiliar with the concept, a Zero-Touch Assessment occurs when a vendor publishes a security profile publicly (either on its website or on a third-party marketplace or directory), enabling the customer to conduct an assessment without having to chase down information from internal stakeholders and the vendor.
If you think this scenario is a pipedream, think again! This is the direction infosec and sales teams want to go. In a recent survey, we found that 94% of companies would be willing to start a vendor assessment from a previously completed questionnaire. On the vendor side, 80% of respondents would be willing to publish security documentation publicly. Finally, 96% of respondents would be more likely to purchase from a vendor that’s transparent about its security practice.
Organizations share security information proactively to demonstrate their commitment to transparency and to speed up sales and buying cycles. It allows the sales team to focus on selling and the security team to focus on keeping the organization secure, rather than requiring either team to respond to assessment request after assessment request.
This process saves time and resources on both sides of the transaction. The customer gets what they need to complete their evaluation quickly and efficiently, and the vendor gets to stop the endless cycle of responding to redundant assessment requests.
Getting your business ready for Zero-Touch Assessments
For vendors, the first step is as obvious as it seems: assemble your security documentation, including completed standard questionnaires relevant to your customers and industry, as well as certifications and audits, into a Whistic Profile that was designed with Zero-Touch Assessments in mind.
Whistic makes it easy to create a public-facing view of your security profile that can be published to your website or directly to public directories like Whistic’s Trust Catalog or the Cloud Security Alliance’s STAR Registry. Additionally, through our integration with Salesforce, we enable sales teams to share that Profile proactively with customers at the beginning of sales cycles. Both of these actions will garner trust with customers. Transparency like this shows them you have nothing to hide, and more importantly that you are committed to security.
For buyers, the Zero-Touch Assessment process is even easier. You just need to seek out vendors that are as dedicated to security as you are. When customers demand that their vendors be more transparent, over time those vendors will have no choice but to do so or risk losing business to vendors that are.
Located in the heart of Silicon Slopes in Utah, Whistic is the network for assessing, publishing, and sharing vendor security information. The Whistic Vendor Security Network accelerates the vendor assessment process by enabling businesses to access and evaluate a vendor’s Whistic Profile and create trusted connections that last well beyond the initial assessment. Make security your competitive advantage and join businesses like Airbnb, Okta, Zendesk, Asana, Atlassian, Snap, Notion, Navan, and G2 that are leveraging Whistic to modernize their vendor security programs.