As the SaaS landscape moves towards a more hyper-connected, data-sharing mindset, InfoSec teams face a unique issue: how can vendor risk management processes become more transparent and collaborative without sacrificing security and compliance? In this post, we’ll take a look at the old, siloed way of assessing vendors and outline some tips for vendors and customers alike looking to improve collaboration.
Outdated siloed processes
Traditionally, vendor assessments have been a study in lengthy wait times. Between long email chains with multiple stakeholders, secure file sharing through Dropbox, SharePoint, or another cloud-based system, and assessment responses housed in spreadsheets, the lack of transparency in the vendor risk management process was incredible. With so much waiting on both sides, deals often bled out from weeks into months. There was little to no transparency between vendors and customers, which meant neither side could move forward or even help the other side if they wanted to.
The new age of collaboration
Today, vendors and customers are highly aware of the roadblocks during the vendor risk management process and are working proactively to avoid and overcome these issues where possible. One of the easiest ways to avoid delays in any deal is to stay on top of security auditing and assessments. Modern vendors and customers are now working together, staying collaborative, and introducing new avenues of transparency into the vendor risk management process.
Tips to improve collaboration
How can your vendor team improve collaboration with other vendors, partners, and customers? Here are a few tips to stay proactive and increase collaboration:
- Share your security control information publicly. Even if you don’t share all of your security controls and data, listing the assessments or questionnaires your team adheres to can help your customers get a head start on vendor auditing.
- Publish your security changes in real time. If your team has to change or update a security assessment or questionnaire, publishing your update in real time can alert your customers to new information they need to assess.
- Introduce InfoSec conversations earlier in the sales cycle. Work with your sales and/or procurement teams to make sure they know to introduce InfoSec and vendor risk management conversations earlier on in the sales cycle. This way, security control conversations won’t hold up the sales cycle down the road.
- Make security a company-wide initiative. When every employee in your organization knows your team’s security policy and understands how security can impact customers, there can be organic collaboration and transparency between parties. Educate your larger company team on security initiatives so they can act as an extension of your InfoSec team when meeting with customers.
Ready to get started?
The Whistic vendor risk management platform makes it easy for vendors and customers alike to increase transparency and collaboration during the vendor assessment process. You can learn more about Whistic and get started here.