Whistic Could Seek Partners for Supplier Risk Marketplace

June 23, 2022

Whistic, a network for assessing, publishing, and sharing vendor security information, could look at strategic partnerships to enter new international markets, said Nick Sorensen, CEO. 

On 7 June, the Pleasant Grove, Utah-based company raised USD 35m in a Series B led by JMI Equity. Forgepoint Capital and existing investors Emergence Capital, Album VC and FJ Labs also participated in the round. To date, the company has raised a total of just over USD 50m, Sorensen said. There is no majority investor in the company, he added. 

Proceeds of the latest round will be used to continue to invest in product and engineering and expand the vendor security network. Sorensen said he expects to hire on the sales, marketing and customer success side of the business. The company doubled in size in 2020 and he expects rapid growth this year as well. While revenue is primarily from the US, the company has customers in more than a dozen countries outside the US. “We would likely look at partnerships as a way to expand that,” he said. 

Regions of interest include Europe, Australia and the UK although the company has not yet identified specific countries for strategic partnerships, he said.

The company is not actively looking for acquisitions but he said it would be open to conversations with players in the vendor security space. Asked to name competitors, Sorenson said, “We kind of created a category.”

Legacy players in the vendor risk management field typically sent questionnaires to third-party vendors on behalf of their customers. There are more than 100 companies engaged in that sort of business model, he said. The larger players include Prevalent, RSA Archer and OneTrust, he said. Whistic, by contrast, has a structure more similar to LinkedIn. “Vendors publish a Whistic profile which potential customers can access through our platform. We bring together buyers and sellers.”

Founded in 2015, Whistic has 80 employees and hundreds of customers, he said, without providing a revenue figure. Its revenue model is software as a service, he said. 

Sorensen declined to comment on profitability and said the company has no need for capital in the next 12 months. Asked about an exit timeline, he said, “We’re not anxious to move on anytime soon.” 

The size of the company’s purchasing security network is 40,000 vendors. Typical customers are fast-growing companies ranging from 10 to 1,000 employees, he said, including Okta, Airbnb, Zendesk, Asana, Atlassian, Snap, Notion, and TripActions. 

Appeared in MergerMarket, June 21, 2022

information security cybersecurity vendor risk assessment vendor security review vendor security management

About the author


The latest insights and updates on information security and third party risk management.

Hate security reviews?
Want FREE AirPods?*

Offer valid for any decision-maker/influencer in relation to your company’s third-party risk management strategy. Company size must exceed 100 employees. Exclusions apply. Limit 1 pair per company.