Whistic Security Profile: Now Resource-Constrained Teams Can Streamline Questionnaire Responses

September 20, 2017

When it comes to completing the time-consuming and often dreaded security reviews for your prospects or current customers, your team needs to be able to streamline the low-priority requests and spend time on the most important issues (or the most critical customers). In today’s day and age of third party security threats, more and more companies are assessing their vendors on a regular basis, which means your Information Security team will keep getting even more requests for security-related information.

In a recent blog post, we also shared that one of the most surprising things we’ve learned at Whistic is that members of Information Security teams are often spending just as much time responding to questions from sales prospects as they are spending asking questions of the third parties that pose very real security risks to their company. Doesn’t this seem a bit backwards? How does responding to these questionnaires actually help keep the company secure?

Until recently, our customers had to complete each questionnaire or respond to requests individually. In addition, many of our customers have prepared significant resources to help their customers feel prepared, but didn’t have the ability to attach the documents to the questionnaire submission. Resources they had spent weeks preparing, such as FAQs, security documentation, RFP responses, and even videos highlighting their Chief Information Officer and the company’s stance on security practices weren’t being utilized.

The inability to securely attach and share these important documents coupled with the hassle of completing each assessment one-off and not being able utilize a template for low-category clients created a gap that Whistic was excited to fill.

Introducing Whistic’s Security Profile

Many of our customers are asked on a regular basis to respond to security reviews by their prospects and customers. Now, we’ve introduced a secure, streamlined way to share multiple questionnaires, folders of documents, audits and certifications, and involve security team leadership — while at the same time tracking who it was sent to. Here are 4 ways the new Security Profiles update enables Whistic customers:

  1. Add Your Completed Questionnaires
  2. Add Your Security Team Leadership
  3. Add Supporting Documents & Audit or Certification Documents
  4. Easily Share Your Profile & Track Who You’ve Shared it With

You know all too well that there’s no silver bullet when responding to security questionnaires as each customer has different requirements. But Whistic’s new Security Profile is a huge step in the right direction. We spent a lot of time meeting with customers and testing early concepts to prove their viability. The product update allows teams to focus on quality, tailored responses to high-value customers while using more of a templated approach to lower tier prospects and customers.

Still curious how your resource-constrained team can better streamline security questionnaires? Check out this recent blog entitled, “Best Practice: How Resource-Constrained Teams Are Responding to Security Questionnaires at Scale”.

Not Yet a Whistic Customer?

If you’re not yet a Whistic customer but your Information Security team is drowning in questionnaire requests from prospects and customers, then it may be time to take advantage of Whistic and the new Security Profile functionality. By adopting a technology solution like Whistic, you can build, manage and share your security posture with those that have requested the information.

A properly crafted profile will generate trust and signal that your team places a high priority on security reviews, which is half the battle. It will also be your first line of defense in responding to questionnaire requests from prospects and customers. How much time could your team save if they shaved off a portion of the requests your organization receives each month?

Ready to Learn More?

Check out our resources below for more third party vendor best practices and insights on how your organization can effectively approach security assessments.

eBooks:

Why Third Party Security is Critically Important

Request a Live Demo with a Whistic Product Specialist

Risk Management cybersecurity security third party vendor management

About the author

Whistic
Whistic

The latest insights and updates on information security and third party risk management.

Hate security reviews?
Want FREE AirPods?*

Offer valid for any decision-maker/influencer in relation to your company’s third-party risk management strategy. Company size must exceed 100 employees. Exclusions apply. Limit 1 pair per company.

Close