The profiled organization provides a software for Legal teams to manage their case documentation, including personal, medical, and other highly sensitive information. Customers would constantly ask the Sales and Development teams how the company manages security internally, so they needed a way to effectively communicate their security posture to their customers and prospects.
They chose Beacon by ThirdPartyTrust, our exclusive functionality for third-parties that allows for the creation of a single security profile comprising the usual documentation, and reduces the time spent responding to assessments enabling a scalable process.
Selecting Beacon by ThirdPartyTrust
The team had a manual vendor assessment process, but it wasn’t very structured. As a third-party vendor themselves to law firms, they needed to answer security questionnaires from their customers over and over again.
This is the typical struggle every vendor faces: answering the same questions and sharing the same documents over and over again, starting from scratch on every due diligence request.
Read More: A guide to responding security reviews faster
They came across ThirdPartyTrust through a customer’s invite, who sent the connection request for them to answer a requirement. As you might know, the ThirdPartyTrust platform serves both sides of vendor risk assessments: enterprises can automate their requirements and assessment lifecycle, and vendors can respond to customer security reviews through a single profile comprising all the usual questionnaires, certifications, and attestations, such as SIG Core and Lite, CAIQ, SOC reports, pentests, etc.
Enterprises and vendors connect in the same platform to complete the end-to-end risk assessment, monitoring, and mitigation, with invites sent in both directions: organizations can either ask a vendor for documentation, or show their documentation as a vendor to a customer.
After being invited to the ThirdPartyTrust platform and seeing the potential of its Network Approach, the team at this software vendor knew it was a fit.
The Results
Now, the Business Development team can initiate the security conversation much earlier in the sales process.
“Usually we were hit with a 200-hundred security questionnaire from the client at the end of the Sales process, and they had a lot of pressure to gather all the information. Now they can do that at their own pace and they only need to inform us when there are in-depth questions or issues to remediate”, said the IT Director of the company.
Another improvement the team highlights is the flexibility to set up different third-party profiles, with their own requirements and rules. It was deemed a “straightforward and intuitive” process.
“As a vendor, we’re now able to cut down on the repetitive efforts; if we already filled out the SIG questionnaire for another customer and it’s available in our security profile, new customers will use that instead of issuing their own questionnaire.”
IT Director, Software Vendor
Collaboration with customers has also improved. Having the contact points right there on the platform and the direct channels to start a conversation, commenting on findings is made easier. With alerts, reminders, and progress notifications, the team doesn’t need to drill down on the specifics, as they get a daily digest of the overall progress.
As closing words, they summed up: “I would recommend ThirdPartyTrust as a way to get your security posture in an advertisable form, so you can use your Beacon profile to see what your answers are to standard questions and avoid going through the same security review again”.
Ready to try Beacon by ThirdPartyTrust? Schedule a free consultation with a specialist.
Is responding to security reviews slowing you down?
If your business spends hours each week responding to vendor risk assessment requests, we can help you reduce the time spent answering questionnaires in order to close deals faster.
Learn how to automate the most common questionnaire responses, how to quickly share results of SIG Lite, pen tests, etc., and how to simplify the entire process from NDA to close.
