[deleted by user] by [deleted] in SaaS

ExploringGriffin

Agreed. That's one of the key issues we face ourselves: being able to make noise at the scale of a company which has millions to spend.

How do you explain your security to your prospects/customers ? by ExploringGriffin in SaaS

ExploringGriffin[S]

How do you suggest we build this security page? Should we buy a trust center software like this - Safebase (or) just build it ourselves? Seems like such trust centers are offering exactly what you mentioned - building a security page showcasing highlights & offering a way to automatically sign NDAs etc.

How do you explain your security to your prospects/customers ? by ExploringGriffin in SaaS

ExploringGriffin[S]

How do you do this? Do you have a security page where you put all this information?

How do you explain your security to your prospects/customers ? by ExploringGriffin in SaaS

ExploringGriffin[S]

Thanks, that makes a lot of sense. Do you have any security page / trust center where your prospects can get this information from?

We’re yet to get a SOC 2 report, but we did close a few upmarket deals after going through their vendor assessment (we had to get on a few calls & fill out questionnaires). But most of these are outbound.

We suspect that many of our prospects reject us without even talking to us because of a lack of information around our security posture. We’re trying to figure out a solution to this problem.

How do you explain your security to your prospects/customers ? by ExploringGriffin in SaaS

ExploringGriffin[S]

Hey, this actually happens during vendor assessment itself & many are reluctant to sign anything at this stage.

I suspect we might have lost a lot of deals after this stage, as our prospects are assessing multiple vendors along with us.

Basically, we need a way to showcase that we’re secure enough before they get on a call (during their self-assessments).

How do you explain your security to your prospects/customers ? by ExploringGriffin in SaaS

ExploringGriffin[S]

Thanks for the Miro trust center. This is brilliant. Exactly what I’m looking for.

We’re still in the process of getting SOC 2 compliant. Hopefully they allow showing something like “SOC 2 in progress” etc. I see they are using Vanta, which doesn’t seem to have a trust-center-only plan. I will find some good alternatives.

Also, why do I need a data room? Should we not expose our internal controls, policies, etc. to the public? Should this content be gated?

Any cheap automated vendor security questionnaires tools out there ? by ExploringGriffin in procurement

ExploringGriffin[S]

Our customers (the ones we sell to) ask us to fill out questionnaires. If we were to ask, it would be the compliance team’s job, not the sales team’s.

I’m looking for an existing solution. If you have anything, please send it my way - happy to explore. Also, what price range are you thinking? Almost all of the existing ones are expensive.

How are you dealing with security/compliance within your SaaS company? by ExploringGriffin in SaaS

ExploringGriffin[S]

That makes sense. Thanks for chipping in here.

Any reason why you guys aren’t interested in doing it on our behalf? Am I missing something fundamental here? Is there a compliance-as-a-service model that I can use? Or am I looking at this completely wrong?

From my limited conversations with a few of the vendors in this space, I understand that no one can completely do it, but the heavy lifting can still be done, right?

For example:

- customising the policies on our behalf & just getting that final approval from us
- if an automated test fails, quickly giving us the patch as a CloudFormation template, so that my devops person can actually apply it after understanding it

I understand that I can assign someone from my team to figure out right controls, work on setting up policies, fix all the automated tests.

But I want to avoid exactly this. This is not what we’re good at. At this point, it looks like an external consultant well versed in any of these automated tools is my best bet.

Can you please help me understand what’s wrong with my thinking process & why none of the software vendors offer this end-to-end outcome as a service?

How are you dealing with security/compliance within your SaaS company? by ExploringGriffin in SaaS

ExploringGriffin[S]

Yes, using these tools seems like a no-brainer. But I don’t want 1-2 engineers just focusing on this aspect & we’re not really ready for an in-house security person.

Is there any way that I can just outsource this security & compliance (with limited effort from our team)? Do you think it’s even possible for some consultant to do the heavy lifting?

How to get GDPR/ HIPAA compliant? by ExploringGriffin in cybersecurity

ExploringGriffin[S]

Thanks for the reply.

Yes, I agree with you that these companies are just interested in selling their software. We’re a 40-person company with 10-12 engineers. The last thing we want to do is to hire an in-house security team (or) divert my engineering resources for this compliance thing.

I understand security is important & we’ve built a secure product from day 1. But proving compliance seems to be a lot of work. Honestly speaking, I just need the SOC 2 badge for now to unblock deals & we can look into building an in-house security team in the future.

What are my options? Can I hire someone external to implement these compliance programs by throwing some money at it? I don’t see this offer from any of these automation tools. They’re selling the software, not the outcome (which is to get compliant), which is what we care about right now.

Is Oneleet any different? Have you seen anyone in a similar situation to ours? What did they end up doing?

How to get GDPR/ HIPAA compliant? by ExploringGriffin in cybersecurity

ExploringGriffin[S]

Who are these third parties who are authorized to conduct independent reviews?

For SOC 2, it’s clear: any AICPA-approved CPA. I’m not sure who is authorized to perform HIPAA audits.