If we’re being honest, vendor assessments aren’t fun for anyone involved, especially if your company is using an outdated, mostly manual, excel-based solution that forces you to spend hours chasing down vendors or responding to questionnaire requests. Luckily, there’s been significant advances in the vendor assessment space in recent years, but there’s still a lot of room for improvement.
The future of security reviews are Zero-touch Assessments. If you are unfamiliar with the concept, Zero-touch Assessments occur when a vendor publishes a security profile publicly (either on their website, or a third-party marketplace or directory), enabling the customer to conduct an assessment without having to chase down information from internal stakeholders and the vendor.
If you think this scenario is a pipedream, think again. This is the direction infosec and sales teams want to go. Whistic’s 2022 State of Vendor Security found 94% of companies surveyed would be willing to start a vendor assessment from a previously completed questionnaire. On the vendor side of things, 80% of respondents would be willing to publish security documentation publicly. Finally, 96% of respondents would be more likely to purchase from a vendor that’s transparent about its security practice.
Organizations share security information proactively to demonstrate their commitment to transparency and to speed up sales and buying cycles. [Rather than creating a security risk, as some security professionals have worried in the past] It allows the sales team to focus on selling and the security team to focus on keeping the organization secure, rather than requiring either team to respond to assessment request after assessment request.
This process saves time and resources on both sides of the transaction. The customer gets what they need to complete their evaluation quickly and efficiently, and the vendor gets to stop the endless cycle of responding to redundant assessment requests.
In the following sections we’ll delve into the impact transparency has for both vendors and their customers and provide real world examples of how to make your organization more transparent.
Getting your business ready for Zero-Touch Assessments
For vendors, the first step is as obvious as it seems — assemble your security documentation, including completed standard questionnaires relevant to your customers and industry as well as certifications and audits into a Whistic Profile that was designed with Zero-Touch Assessments in mind.
Whistic makes it easy to create a public facing view of your security profile that can be published to your website or directly to public directories like Whistic’s Trust Catalog or the Cloud Security Alliance’s STAR Registry. Additionally, through our integration with Salesforce, we enable sales teams to share that Profile proactively with customers at the beginning of sales cycles. Both of these actions will garner trust with customers. Transparency like this shows them you have nothing to hide, and more importantly that you are committed to security.
For buyers, the Zero-Touch Assessment process is even easier. You just need to seek out vendors that are as dedicated to security as you are. When customers demand their vendors be more transparent, over time they’ll have no choice but to do so or risk losing business to vendors that are.
Learn more about how Zero-Touch Assessments leverage trust to accelerate sales and buying cycles in our latest ebook, The ROI of Transparency.