Complying with corporate customer's Security Checklist: A guide for startups
21 Jul 2023 - Frans Vanhaelewijck
Growth and expansion are crucial if you are working in a startup. Frequently, this growth leads startups to target bigger, more profitable customers. However, as we have outlined in previous blog posts, this comes with significant overhead. One of these overheads is the big corporate customer’s compliance checklist or security questionnaire. Now, you may not always be willing to spend the time on filling in these questionnaires (see last week’s post). But if you do, see below for practical tips.
What is a Compliance Checklist?
A compliance checklist or a security questionnaire is typically a document or an Excel sheet that can run into several pages, sometimes even comprising hundreds of items. This checklist is a comprehensive list of standards and procedures that your startup needs to meet to provide services or products to a big corporation.
The initial investment
The initial questionnaires you complete will likely consume a lot of time. This is perfectly normal. Spend some time on these first few, ensuring they are especially clear and concise. It’s highly likely that your subsequent questionnaires will have about an 80% overlap with these initial ones, making the process significantly more manageable in the future.
More than Yes/No Questions
At first glance, you may notice that many of these questions seem to be simple “yes/no” queries. However, it is beneficial to go beyond a simple answer. Take your time with each question, even if it seems direct or straightforward. Why? Because these answers serve as an opportunity to demonstrate the merits of your product or service.
Responding in detail will give your potential customer insight into your operations and help them better understand how you can meet their needs. It gives you a chance to showcase your product’s features, capabilities, and the safeguards you have in place. This not only satisfies their query but also makes your product more appealing to them.
What’s in it for the customer
Every item on the compliance checklist is essential. There is a reason why they are part of this extensive list. Each question is designed to ensure that your product or service meets the specific security and operation standards set by the big corporation.
Thorough compliance with these checklists is necessary to build trust with these corporations. It reassures them that your startup can meet their stringent requirements and that you respect their security and operational protocols. This trust forms the basis of a fruitful business relationship with your bigger customer.
Moreover, a detailed response on these compliance checklists can serve as a self-audit for your startup. It allows you to assess your product, identify potential loopholes, and improve it further.
What if you don’t (yet) support a feature?
While honesty is imperative when responding, aim to avoid simply answering “no”. You may not meet the exact requirement stated in the questionnaire, but there could be other features you offer that adequately address the issue at hand. If you do not currently meet a specific requirement, don’t hesitate to provide context and share your plans for the future. Outline your past actions, present capabilities, and future plans related to the topic. Giving the customer an understanding of your roadmap can reassure them that the feature in question is being considered for future development. Even if you currently do not support a specific feature, you could mention that if the customer commits to a sufficient volume of business, you are open to discussing the possibility of adding this feature to your roadmap (if, of course, it’s a feasible option).
Tips from the trenches
Here are some practical things we’ve learned working through many questionnaires:
- These questionnaires typically come in the form of Excel sheets. Take the time to familiarize yourself with the basics of text formatting in Excel cells, such as using bullet points and bold type. This can make your responses stand out compared to competitors who simply provide “yes” or “no” answers.
- If there are topics that closely resemble each other, don’t hesitate to supplement your answers with additional documents and refer to these documents within the Excel sheet. Charts or diagrams, for example, can be more effectively included and referenced in separate documents.
- When more than one supplier is being asked to fill in a questionnaire (e.g. as a response to a Request For Proposal), the bidding teams typically foresee a period in which potential suppliers can ask questions. Make sure to start reading through the RFP early so you can spot any inconsistencies or unclear points. You may also suggest certain implementation features that you know your competitors do not have. That is a typical way to ‘set the agenda’ and outsmart the competition.
- If you are able to come and present your offer, make sure you are the last one on the agenda and try to reserve the latest available slot. People typically remember the most recent presentations better than the earlier ones.
While tackling a compliance checklist may seem a daunting task, it is an integral part of dealing with big corporations. Rather than viewing it as a burden, consider it as an opportunity. An opportunity to showcase your product’s capabilities, to build trust with your potential customer, and to self-assess and improve.
Always remember, the goal is not just to get a yes on all questions but to demonstrate the merit of your product or service. Taking the time to thoroughly answer each question is, indeed, time well spent.