Annual Vendor Risk Assessment: 2021 vs 2022

Marisa DiMuro
September 20, 2022

It’s that special time of the year again. If you thought I was going to say the holidays, you’re wrong. I’m talking about our annual vendor risk assessment. This entails obtaining SOC 2 reports from our 100+ vendors. Last year, Kevin Qiu, our Director of Information Security, wrote a blog about vendors sharing their SOC 2 reports. I thought it’d be a great time to compare notes with his experience from our last assessment.

At this time last year, we had a total of 72 vendors, with only one of them using SafeBase. I am happy to say that this year, we have 104 vendors, with 11 using SafeBase. That’s a 1000% increase! Even though our number of vendors has increased by 45%, with the 1000% increase in vendors using SafeBase, we were able to execute this vendor risk assessment in half the time by seamlessly requesting access to these compliance reports via SafeBase as opposed to email or contacting support.

Getting off on the right foot is crucial to a healthy customer-vendor relationship. Just like any other relationship, we need to build trust. Therefore, requesting a SOC 2 report is just what we need to ensure the security of our organization’s data and our customers’ data. In the beginning, this is typically easier. The original contact, such as an Account Executive, will usually provide it to you, or they will ensure that they get you to the right person as a means to close the deal more quickly. They know without it, the deal may not move forward. But what happens a year later when everything is said and done? The original contact you had with the vendor may no longer be with that company, and you may not know whom to contact for the following year’s SOC 2 report.

Vendors Using SafeBase

Self-Serve

Most of our vendors have their SafeBase Security Portal link posted on their website. In almost every case, these links brought me right to their SafeBase Trust Center, where I was able to request full access to their security content. Luckily, many of these companies have Salesforce auto-approve enabled, so I was able to get instant access and download their SOC 2 report.

Request access to an organization’s Trust Center

Vendors Not Using SafeBase

Contacting Support

When reaching out via chat (Intercom), emailing support, or even calling, there were a shocking number of vendor employees who actually had no idea where we could get their SOC 2 report. We were shuffled around from person to person, sometimes over several emails and multiple days. We were often left at a dead end, having to do our own research on Google about how and whom we could contact to obtain this report. Even worse, some of the vendors that did get back to us charge for access to their SOC 2 - a far cry from the transparency that most businesses now demand of their vendors.

Self-Serve

Although this sounds relatively painless, it turned out that for a lot of these, it was just the opposite. We would find a website for a portal, but after clicking on the link, we were brought to a login page, ugh! The last thing I want to do is create a set of login credentials for something I’m only going to use once a year. I have to say, this is a less than tasteful user experience for security teams that have to repeat this process for tens, if not hundreds, of external vendors.

A good chunk of my day is spent on our customers’ security, filling out questionnaires. But the more I focus on our own security here at SafeBase, the more I realize the need for our product and how it relieves such a pain point! I think to myself, “Who wouldn’t want to use this?”

SafeBase is not a vitamin. SafeBase is a painkiller. We are revolutionizing the way customers share their security posture. Get yourself a SafeBase Trust Center so your customers aren’t pulling their hair out trying to find your SOC 2 report. Customers like ClickUp, Snyk, and LinkedIn are transparently building trust with their buyers on SafeBase, and organizations of all sizes can recognize value from proactively sharing their security posture. Sign up here and get started today!
