January 9, 2023
4
minutes

Executive Summary: Solving Questionnaires In Hours, Not Weeks

SecurityPal CEO Pukar C. Hamal recently hosted a conversation with one of our strategic partners on how organizations can solve Security Questionnaires in hours instead of weeks.

Please enjoy our Q&A recap below in case you missed any of the engaging discussion!

What is SecurityPal’s onboarding process and how long does it typically take?

Onboarding is really simple because we're trying to take on a lot of the workload. One of the easiest ways in which we've tried to go about onboarding here is by asking “what are the security reviews that you've gone through over the last three to six months?”

We want to understand what types of questions you're being asked as well as what you're saying. And then we ask if you can also share with us anything that you share under NDA with customers and prospects. Usually it's a summary of your policies, like your SOC II or ISO or these various other compliance certifications that you've gotten. We take that language and turn it into answers that can slot in nicely with the various types of questionnaires that organizations like yours are getting. Because we've processed almost a million security questions over the course of the past two years, we have more knowledge around what types of questions organizations are asked, how to respond, and which questions are most challenging. Part of the value-add is that our security analysts have that pattern matching ability.

We rigorously intake your documents no matter what format they're in. It could take anywhere from a couple of weeks. But it's high ROI because it sets the tracks so to speak, such that when any new questionnaire comes in, now you can just run it through these tracks because you know you have a very sound security posture that's been reviewed by experienced analysts.

How does SecurityPal’s approach differ from AI-led solutions?

When I first ran into this problem at my previous company, I actually went to a friend of mine who was doing his PhD at the Stanford AI Lab, part of their computer science department. I had a friend of mine who got his PhD and I went to them with this problem. I was like, "Hey, can AI solve this? I've done five to 10 questionnaires. If we load enough if/then statements into that algorithm, I imagine it's good enough to be able to handle the net new question that my organization is getting.”.

I learned that you need orders of magnitude more data than any one company is going through on an annual basis to actually build and train a model. A lot of companies at most are getting 2,500, 5,000, 10,000 questionnaires. But you really need millions of those data points. The other challenge with a lot of AI models is that a company's security posture is fluid, not static. A lot of AI relies on historical data. What you really don't is to answer the security questionnaires based on the data of the company over the past five years. Your posture today is going to be different from last year. Your posture today will be different from previous years’.

At SecurityPal, we went back to first principles. We realized you need to get the best security analysts, invest in that team, and then slowly layer in technology. It leads to much better results where you actually end up solving the problems Questionnaires pose.

How does SecurityPal handle online portals? What if the Questionnaire cannot be exported from the portal?

We're seeing new portals come in every day but every single one of these portals are different. We now have experience with over 150 different portals and we realized that a significant percentage of them allow you to download and re-upload Questionnaires. For those, we can export them and share the completed version for you to re-upload. There's another subset that allows you to add a collaborator, like SecurityPal. In that case, we can go in there and fill everything in the right way. We can handle pretty much any portal that's out there. We've done some really, really complicated ones.

Can SecurityPal expedite Security Questionnaires?

Expedited requests are probably the most popular feature at SecurityPal. If you want to take a Security Questionnaire and you say, "Hey, this one's urgent, we need to get this done," you can expedite it – press that big red button – and then we’ll return it completed within 24 hours.

We're building up capacity today to handle any Security Questionnaire at any time from anywhere in the world, in any language on the same day. Questionnaires should never slow down a deal.

Expedited requests are especially popular toward the end of the quarter or the fiscal year. We're really thrilled about some of the innovation that we're doing there.

Curious what SecurityPal can do for you? Book a meeting with us today.

No items found.
No items found.
Growth Team