How Gainsight empowers sales and infosec teams 
with Whistic

Cameron Wright currently heads up the security risk management team at Gainsight, a leading provider of customer success tools. He knows from personal experience the difficulty of responding to security reviews and questionnaire requests and how they can be the reason sales cycles stall. Sales and Security work closely at Gainsight. So much so that the security team’s motto is Security Supports Sales, so it was imperative the company put in place a solution that simplified the questionnaire response process. 

Because of this, Wright knows firsthand how burdensome and time-consuming older, more manual processes for responding to those requests could be. 

“As part of my role, I’m responsible for helping clients purchase Gainsight, and we try to make the process as quick and painless as possible,” said Wright. “For a while, that was a very manual process. We didn’t have a centralized place to store our questionnaires, SOC 2, and other security documentation other than Google Drive and a spreadsheet.”

Gainsight also lacked an efficient process to manage the requests it was getting. There was no ticketing system other than adding notes to a spreadsheet, which made audits more difficult than they should have been. Because pre-sales support from the security team plays such an important role in how quickly deals are closed, Wright knew the team needed to find ways to streamline the process to improve efficiencies. 

“We were getting a lot of requests for us to respond to longer questionnaires or clarification requests that were slowing down our sales team,” related Wright. “That’s when my predecessor first looked into Whistic Profile because we needed to share those documents as quickly as possible, so we wouldn’t slow down the sales team.”

What drew Gainsight to Whistic was its functionality, ease of use, and Profile’s professional presentation of the company’s security posture. At the top of the list for the company is Whistic’s ability to enable the Gainsight sales team to share its Profile directly with customers, cutting out the middleman and answering customer questions immediately without intervention from the security team. 

Another big win for Gainsight was the tracking capability Whistic provides. Now instead of scrolling through a spreadsheet to check the status of a security review, he can log into Whistic and quickly see if there are any tasks to follow up on, which results in less work for the company and an accelerated sales cycle for the revenue team.

Wright points out it’s all about your company’s culture. If you’re just focused on closing deals at all costs without regard to security, you could run into trouble after the deal is closed if/ when your solution doesn’t meet the security requirements of your customers. When that happens, implementation has to be halted, leaving the customer with a bad taste in their mouth from the beginning of the relationship. 

Wright and his team join weekly sales huddles to help create trust around the vendor security process Gainsight built and those meetings are paying dividends. 

“We train sales to push back confidently when customers don’t initially accept the Whistic Profile,” Wright stated. “They tell the customer the Profile includes all of the latest and greatest standardized questionnaires, including a SIG, CAIQ, and others. More often than not the Profile will answer all of the questions customers have. It’s just about changing the mentality of the sales team, not to just throw every request from customers back to security to complete and use the work that’s already been done.” 

The biggest benefit Gainsight realized since implementing Whistic is the ability to track metrics associated with the vendor assessment process as well as empowering sales to take control of security conversations with customers. Additionally, Wright noted that Whistic is a scalable solution that will grow along with the company. 

“At the end of the day, I don’t like to send questionnaires out and I don’t like to respond to them either,” concluded Wright. “I’d much rather send out our SOC 2 and other documentation, and with a Whistic Profile, I can do both. Check the customer’s box of needing a completed questionnaire while also giving them detailed, validated information about our security posture.”