When the team at Hoxhunt was invited to the ThirdPartyTrust platform as a vendor to fill out the security requirements of one of their customers, they decided they needed the tool for themselves. Finally, an automated, easy-to-use solution to fulfil vendor risk assessments and eliminate emails and spreadsheets…
As a third party vendor to other organizations, Hoxhunt is often asked to show their security posture as part of their customers’ vendor risk management (VRM) process. But the manual response process was draining their resources, with the team spending valuable hours filling out redundant security questionnaires.
With Beacon by ThirdPartyTrust, Hoxhunt automated the response to due diligence requests and grew their customer base by 10% by showing a robust security posture that is centralized in a single security profile. Download the full case study to learn more:
Below is a recap of our conversation with our customer, Sean Bullock, Contract Manager at Hoxhunt —A cybersecurity training platform developer with headquarters in Finland.
Q: What challenges were you facing in your vendor response process?
We’d been having the usual problem with vendor questionnaires. Every time we provided our solution to new customers, we were asked to fill out gigantic spreadsheets with security questions and it was becoming a drain in our resources.
Our vendor response process was 100% manual and time-consuming. It was also repetitive, as there’s an overlap in the questions that we’re asked as a third party vendor. Customers are usually looking for our SOC 2 report or SIG Lite, but we were sharing that information in a one-off manner.
In addition, there was an issue with ownership: where should the security questionnaires sit? They’re part of the sales process, but they also involve other departments and efforts across the business to fill them out.
It wasn’t the best use of our resources to be answering these questions over and over again. So when the ThirdPartyTrust solution presented itself, it was a no brainer really.
Q: Why did you choose Beacon by ThirdPartyTrust?
We were providing another company with our SaaS solution and they used ThirdPartyTrust for their vendor onboarding. So we filled in all their required information, including our SIG Lite, and it was such an easy and quick process. We immediately looked into using ThirdPartyTrust ourselves.
I wasn’t actually aware that there were solutions that could address this problem, so when we saw ThirdPartyTrust, we were really happy to give it a go. Plus the price point was so reasonable, it was money really well spent.
Q: How did Beacon by ThirdPartyTrust improve your operation?
The value of Beacon by ThirdPartyTrust is allowing us to answer these questions once, and proactively share our security posture with our customers any time we need to.
Beacon freed up the team to be able to focus on other things, such as longer term projects with high benefits, instead of focusing on day-to-day tasks. Our workforce can now do more meaningful tasks than filling out security questionnaires.
Think of a CTO or a senior cybersecurity executive, who are among the highest paid people in any company… If they’re spending the majority of their time answering security questionnaires, it’s not the best use of their time. The questionnaires can be quite technical, so we need their knowledge, but we can’t have that be their main focus.
Q: Can you describe how you use Beacon by ThirdPartyTrust?
We created our Beacon profile, which now centralizes all our security documentation, such as our SIG Lite, insurance policies, and our SOC 2 report, which is what most customers are looking for.
Every time a new customer wants to perform due diligence to assess our security posture, we send out a connection request and invite them to view our Beacon profile. It only takes a couple of clicks, and we can customize what documents we want to share with them. That way, the latest version of our documentation is centralized and accessible to anyone who needs it.
We send an average of 5 profile shares a month and we have a 90% acceptance rate. We have never received any complaints, as it’s quite easy for customers to access ThirdPartyTrust and fulfil their compliance needs with what they see there.
Security questionnaires haven’t been an issue since we started using ThirdPartyTrust. We’re now responding in a more organized way, with improved visibility and ownership.
Q: Would you recommend ThirdPartyTrust to other organizations?
I would recommend ThirdPartyTrust to other businesses because it allows you to divert your company resources in places where they’re better spent. It frees up key staff members to focus on higher value activities.
I also want to point out the level of service that I’ve had from the staff at ThirdPartyTrust. Our calls with our Customer Success Manager have been really helpful and well prepared. By now, we have developed a high level of trust and formed a true partnership. I’m really impressed with the level of service at ThirdPartyTrust.
Is responding to security reviews slowing you down?
If your business spends hours each week responding to vendor risk assessment requests, we can help you reduce the time spent answering questionnaires in order to close deals faster.
Learn how to automate the most common questionnaire responses, how to quickly share results of SIG Lite, pen tests, etc., and how to simplify the entire process from NDA to close.
