The War Room

IT Security & Risk Assessments: How do you anticipate/manage in your sales process?

Typically, these come in as Excel Workbooks with anywhere between four and 14 tabs.

Filling out the vendor/company and product tabs are easy. Even app, hardware and networking questions are layups. But sometimes there are hundreds of questions about your testing, storage, backup, disaster recovery plan, etc.

  • I've completed enough that I know the answers (to some degree) and do an initial pass before handing over to my engineering team (or CTO, if the team is spread thin).

  • I try to maintain a master file of questions and answers so that for the next assessment, I can do more and require less of the engineering team.

  • BUT it's getting harder to codify questions into a "master question", and it seems inefficient to maintain a list of question variations/flavors which is not easy to scan through.

  • Some clients are moving to SaaS platforms that I log-in to and answer questions, and upload documents (certifications, network diagrams, etc.), but those don't make my life any easier.

What do y'all do to make this B2B SaaS sales hurdle more manageable?

Sometimes these assessments come with a RFI/RFP. Other times, the sale is closing and the contract is in redlines, then some jackass shares the assessment at the last minute. Which ultimately pushes the contract signing and execution out at least one more week. Super frustrating. Nikhil Krishnan on Twitter always fun when you have barely enough headcount to keep your startup running and you get one of these
๐Ÿ” Cybersecurity
๐Ÿ“– Prospecting Stories
๐Ÿ“ณ SaaS
Sr Sales Executive
The process of entering data into someone else's system is a PIA, and some are far more cumbersome than others.ย  They aren't meant to make YOUR life any easier; they're set up for the customer, though I'd be willing to bet the majority of those aren't easy for the customer either.

Some companies invest in platforms to handle and manage the process (RFPio, for example), and have a team that manages that process from beginning to end in tandem with the AE.ย  ย Honestly, this is the gold standard, and is great if you're in a position to handle a lot of structured inbound RFPs.

How often is this happening to you, that you have an RFP/RFI come in the door that you have to manage?ย  ย Do you have colleagues who are also managing inbound requests like this?ย  ย Is it often enough where making a request for at least additional headcount to help manage makes sense?ย  At our company, we have one person who gets each RFP, helps qualify it with the rep, manages the cadence and assigns tasks (usually the answers to specific questions) to appropriate people, and then will bundle up the result and help get it out the door, whether that's entered into another company's preferred system or out via zip.ย  ย It sounds like you're doing your best to leverage work that's already done, but I definitely wouldn't want to personally be in the position of validating security architecture information or providing a SOC 2 report.ย  ย  Is there any way you can work with your Sales Operations to get a process in place where you can have some help out of the gate with these?
Head of Sales
These assessments happen with every sale. Usually, they come up at the end of the sales process, during the end of the contracting process, but still ought to be considered the final sales hoop/hurdle. Some of the requirements can be deal-breakers.

Currently, we are responding to more RFPs in the last 3 months, than we have seen in the last 4 years total. So I feel it more now, but these assessments aren't longer or more involved than others.

We sell primarily to hospitals and health systems. Some of these clients are still wrestling with the idea of on-prem vs cloud/SaaS. A caveat I should have mentioned before.

I'm the original sales hire, and have added 2 AEs and 2 SDRs so far. This would definitely be something I tap a new Sales/CX Ops hire to help out with, as you've described. Thank you!
Sr Sales Executive
If they're not official RFPs, I definitely try to get ahead of Infosec.ย  I'll let my customer know that it's a common request, and ask for any pertinent items from them (e.g., the MNDA) as early as possible so that we can get ahead of any hurdles as much as we can.ย  ย Sorry you are currently in the position to handle these yourself.
senior account executive
Surprised to hear that these come at the end of your sales cycle on a deal. In my experience these IT/ InfoSec assessments are the very beginning of my process in dealing with and enterprise account. For reference, I deal with major financial institutions & insurance companies in Canada, so maybe just a industry difference. Typically we do push pretty hard to get these assessments as early as possible so as to mitigate a last minute deal breaker
WR Officer
Senior Account Executive
Oh this is giving me flashbacks of a certain state contract.ย  Need more beer.ย 
Account Executive
Buckle up and enjoy the ride lol
How involved are you in your company's sales strategies? Does your company take your feedback/opinions?
Continuing Education - Any certificates that will help with Enterprise Sales and growth?
Sales Team Contracting Difficulties?