Do you try to find out if legal/infosec to get deals through are relatively easy when looking for a new job?

I don't know if it's just my company in particular, but legal and infosec is always a mess. We're ISO 27001 and SOC 2 Type 2, so it's not a question of not having the credentials. It just seems like when we go through contracts for the MSA and DPA, the deal still has a pretty strong chance of going south. I've spoken to people who told me once they get to contracts it's basically done, and that hasn't been my experience ever, and I've lost deals because of it.
Are there specific types of SaaS products that draw less scrutiny from buyers when it comes to the terms? Anything you might ask or look for?
🧠 Advice
🏬 Enterprise Sales
10
Justatitle
Big Shot
3
Account Executive
Unfortunately there isn’t a way to avoid this. You have to check all the cyber security boxes along with penetration testing. Additionally, things like where data is stored and how are always factors; companies' standards are getting stricter constantly. Look at Microsoft, who was just hacked.
CuriousFox
WR Officer
3
🦊
Diablo
Politicker
2
Sr. AE
For me, these are clients' requirements and everything has to do with data processing and storing. Almost every company in security, banking, govt needs this for our product line. Try to find the client profile instead, I guess.
BigShrimpin
Catalyst
2
Account executive
Depends on the customer and the industry, but SOC 2 is a one-way street where once some start asking for it and companies can use it as an edge in deals, it just becomes standard over time.

Best thing you can do is set expectations really early in the cycle that the contract is an important step and make sure they're on board for those terms. Better to throw the grenade yourself than have them lob it at you 6 months down the line.
jefe
Arsonist
2
🍁
I don't really know how you could dig into this during the interview process...

Anything that is accessing client systems and/or storing a lot of data is more likely to have scrutiny.
Beans
Big Shot
1
Enterprise Account Executive
Sounds like there are gaps in your security process.
Sunbunny31
Politicker
1
Sr Sales Executive 🐰
Infosec is expected in my role, and negotiating the MSA is also common. I factor these into the contract process and have actually found it useful while negotiating: if they have a go-live date or sign date and you know commercials (including security) will take ~3 mos, use that to drive the vendor selection date and get started earlier.
unclespacejam
Politicker
1
ur dad’s brother
Got SOC 2 Type 2 about 18 months ago. Tbh I’ve not found it easier (if you mean faster/skipping the line), but going through that entire process of obtaining the cert forces your org to have all your shits in a pile. Usually this means it’s much easier to surface answers and complete infosec questionnaires/documentation.

Slow is smooth, smooth is fast
StringerBell
Politicker
1
Account Executive
I should be clear, it’s not the security per se that’s the issue, it’s the MSA, where customers want us to take on a lot of risk that my legal team isn’t comfortable enough with.
unclespacejam
Politicker
0
ur dad’s brother
Whose MSA have you used when you get down to contracting? Also, what space are you in? That may be the dead ringer. In my case I sell to financial institutions; if we have contracts out for red lines the deal is essentially done, but we would have gone through 2-3 months of debate/negotiation/commercial terms before we chat with procurement and legal.
deathbysales
Politicker
0
Vice President, Sales
This is 100% how it is now. With all the new laws around security and privacy, people are very sensitive to ensuring you check all the compliance boxes. I would say over the last 2 years it has really intensified, especially with GDPR and European companies.

We make sure to very early on understand the requirements of the customer: What is the process to get the contract through legal? Does a security evaluation need to be done? Will providing a SOC or ISO report waive the need for a full security assessment? What is the timeline for the company to evaluate a security assessment? Once we have all that info we try to work backwards.
Contract needs to be signed by X day. It takes 30 days for contract review; we can be doing security review in parallel. It takes my company 10 days to complete the assessment. It takes the prospect 20 days to do their security evaluation.
Making sure everyone buys in on the timelines etc...