
Spiff Case Study: 95% increased efficiency in vendor risk assessments

Published by Sabrina Pagnotta on May 12, 2021

Leading sales commission software provider Spiff uses both of our solutions, TPRM and Beacon by ThirdPartyTrust, to accelerate third-party risk assessments of their providers while scaling their own security response process as a vendor.

This case study highlights their operational improvements after implementing ThirdPartyTrust and features a video testimonial from Sean Jackson, Director of Information Security at Spiff.

Q: How did you come across ThirdPartyTrust?

I was at another company and a controller who wanted to check our security posture sent me an invite to ThirdPartyTrust. I didn’t know what it was or how to use it, so I sent an email to ThirdPartyTrust and a demo was quickly set up so they could show me the platform.

“As soon as I saw the benefit ThirdPartyTrust was providing to this customer, I realized how it could also help me. I said ‘Finally, someone has fixed this! Someone has made third-party risk assessments an automated process.’”

Sean Jackson, Director of Information Security at Spiff

Q: What third party risk assessment challenges were you facing?

I found that every time I was doing questionnaires I was answering the same questions over and over again, and showing the same documents over and over again. Every time someone from Sales had to bring a new customer, I wished we could just give them a package instead of answering multiple requests for documents.

We had the problem of:

  • Controlling the message
  • Controlling the exposure of data
  • Making sure the security posture was showcased in the best possible light

When I got my new position at Spiff, a startup with sales that are just off the charts, there were so many customers coming in. I was getting a lot of questionnaires and requests for data. We just barely finished our SOC 2 and then we had a pentest, and then we had another pentest…

In my second week I said ‘I know the tool we need’. My boss already knew ThirdPartyTrust and agreed to get it. So I just called and we closed the deal quickly.


Q: What does your security response process look like now with ThirdPartyTrust?

After we adopted it I introduced it to the Sales team and started onboarding them. I showed how they could proactively get in front of those security requests by getting the NDA signed and then inviting the customers to ThirdPartyTrust.

It’s super easy for the customers. They click the link in the email we send, they sign up, and immediately can see our entire profile. If they have any questions they can contact me directly – one security guy to another security guy.

It’s not Marketing talking to Sales talking to Security. It’s their security person checking with me about compliance, GDPR, CCPA… We run through our security standards and it’s all done. It actually speeds up the sales cycle, as Sales is no longer waiting to know when I’m gonna get to the questionnaire. It all happens behind the scenes, and it’s FAST.

Q: How about the process for assessing your third-parties as an enterprise?

When I evaluate my vendors, I am able to determine the requirements for each type of relationship. If they’re a data controller for CCPA and GDPR, I know I need to see their insurances, policies, pentests, questionnaires… If they’re handling credit cards, I set the tag of “PCI vendor”, and I know I need to see their PCI compliance, pentest, and insurance; I don’t need their ISO, but I do need their SOC. And so on.

What’s beautiful is that if they’re also ThirdPartyTrust customers with a Beacon security profile, I set the requirements and they go “check check check”, as they have it all in there. Their job is done and my job is done just like that.

I always tell people “Go sign up to ThirdPartyTrust. It makes it easier for you and me”.

Q: How much faster is the assessment turnaround?

Before having the Beacon profile I would have to manually answer 15 assessments a month, but it’s only 1 a month now. By giving customers access to our security profile, they find most of the questions are already answered and our SIG Core, SIG Lite and other documents are also there. Their compliance needs are satisfied by what they see in ThirdPartyTrust, so I rarely need to intervene.

“Since I would spend an average of 3 hours on each, it’s roughly 45 hours a month versus 3 hours a month now. We’re talking 95%+ saved hours that I was able to relocate to IT: putting down fires, doing policy reviews, forensic investigations, troubleshooting, integration management, etc.”

As for assessing our vendors, depending on their size and how mature their security department is, it can go anywhere from 1 month to 3 months. Using this platform has significantly reduced the amount of emailing back and forth and manual effort.

Learn more about our two-sided platform for enterprises and vendors

Q: What are your favorite features of ThirdPartyTrust?

Pushing my security data to a customer and getting security data from a vendor when things are updated (such as a new SOC report, pentest, etc.). It works flawlessly both ways.

I like that I can easily showcase my security posture as a third-party to someone else, and see that of my third-parties. The notifications are amazing. I get a heads up when a vendor’s pentest is up to 1 year, and if they don’t proactively update it, I send them a message asking for a new one. Once it’s there, I can check that off for the year. This shows who is taking security seriously.

I do the same for the customers looking at us. I am proactive so when I upload a new pentest, SOC report or insurance, I want them to know we’re staying current.

Q: Why should other organizations choose ThirdPartyTrust?

I can think of a few reasons:

  • It solves the rinse and repeat problem with GRC
  • It makes third-party risk assessments almost painless, as you don’t have to hunt for the information – it’s just there for you
  • It makes our customers’ assessments easier
  • It works flawlessly to push and pull security data both ways
  • It’s a network that will keep growing to have more vendor profiles to accelerate assessments
Sabrina Pagnotta
Sr. Content Strategist