IT Security & Risk Assessments: How do you anticipate/manage in your sales process?

Typically, these come in as Excel Workbooks with anywhere between four and 14 tabs.


Filling out the vendor/company and product tabs is easy. Even app, hardware and networking questions are layups. But sometimes there are hundreds of questions about your testing, storage, backup, disaster recovery plan, etc.


  • I've completed enough that I know the answers (to some degree) and do an initial pass before handing over to my engineering team (or CTO, if the team is spread thin).


  • I try to maintain a master file of questions and answers so that for the next assessment, I can do more and require less of the engineering team.


  • BUT it's getting harder to codify questions into a "master question", and it seems inefficient to maintain a list of question variations/flavors which is not easy to scan through.


  • Some clients are moving to SaaS platforms that I log in to and answer questions, and upload documents (certifications, network diagrams, etc.), but those don't make my life any easier.


What do y'all do to make this B2B SaaS sales hurdle more manageable?


Sometimes these assessments come with an RFI/RFP. Other times, the sale is closing and the contract is in redlines, then some jackass shares the assessment at the last minute. Which ultimately pushes the contract signing and execution out at least one more week. Super frustrating.



https://twitter.com/nikillinit/status/1479206599768039424?s=20 Nikhil Krishnan on Twitter always fun when you have barely enough headcount to keep your startup running and you get one of these https://t.co/UTPjpUMBmu
🔐 Cybersecurity
📖 Prospecting Stories
📳 SaaS
3
Sunbunny31
Politicker
3
Sr Sales Executive 🐰
The process of entering data into someone else's system is a PIA, and some are far more cumbersome than others. They aren't meant to make YOUR life any easier; they're set up for the customer, though I'd be willing to bet the majority of those aren't easy for the customer either.

Some companies invest in platforms to handle and manage the process (RFPio, for example), and have a team that manages that process from beginning to end in tandem with the AE. Honestly, this is the gold standard, and is great if you're in a position to handle a lot of structured inbound RFPs.

How often is this happening to you, that you have an RFP/RFI come in the door that you have to manage? Do you have colleagues who are also managing inbound requests like this? Is it often enough where making a request for at least additional headcount to help manage makes sense? At our company, we have one person who gets each RFP, helps qualify it with the rep, manages the cadence and assigns tasks (usually the answers to specific questions) to appropriate people, and then will bundle up the result and help get it out the door, whether that's entered into another company's preferred system or out via zip. It sounds like you're doing your best to leverage work that's already done, but I definitely wouldn't want to personally be in the position of validating security architecture information or providing a SOC 2 report. Is there any way you can work with your Sales Operations to get a process in place where you can have some help out of the gate with these?
MrMonte
Arsonist
1
Head of Sales
These assessments happen with every sale. Usually, they come up at the end of the sales process, during the end of the contracting process, but still ought to be considered the final sales hoop/hurdle. Some of the requirements can be deal-breakers.

Currently, we are responding to more RFPs in the last 3 months than we have seen in the last 4 years total. So I feel it more now, but these assessments aren't longer or more involved than others.

We sell primarily to hospitals and health systems. Some of these clients are still wrestling with the idea of on-prem vs cloud/SaaS. A caveat I should have mentioned before.

I'm the original sales hire, and have added 2 AEs and 2 SDRs so far. This would definitely be something I tap a new Sales/CX Ops hire to help out with, as you've described. Thank you!
Sunbunny31
Politicker
2
Sr Sales Executive 🐰
If they're not official RFPs, I definitely try to get ahead of Infosec. I'll let my customer know that it's a common request, and ask for any pertinent items from them (e.g., the MNDA) as early as possible so that we can get ahead of any hurdles as much as we can. Sorry you are currently in the position to handle these yourself.
unclespacejam
Politicker
0
ur dad's brother
Surprised to hear that these come at the end of your sales cycle on a deal. In my experience these IT/InfoSec assessments are the very beginning of my process in dealing with an enterprise account. For reference, I deal with major financial institutions & insurance companies in Canada, so maybe just an industry difference. Typically we do push pretty hard to get these assessments as early as possible so as to mitigate a last-minute deal breaker.
CuriousFox
WR Officer
2
🦊
Oh this is giving me flashbacks of a certain state contract. Need more beer.
Upper_Class_SaaS
Politicker
1
Account Executive
Buckle up and enjoy the ride lol
Kosta_Konfucius
Politicker
0
Sales Rep
Only advice that is good for everyone