The best way to understand how, what, and why we do what we do here at BARR is to learn about our work through another company’s experience. We’re proud to share client experiences that showcase how BARR helps leading SaaS providers simplify the path to security and compliance.
CASE STUDY: RFP360
At a Glance
For any organization, the RFP process, also known as the request for proposal process, can be both overwhelming and time consuming. For more than 10 years, leading organizations worldwide prefer using RFP360 to transform the RFP process—saving time, improving results, and driving revenue.
RFP360 provides a full-circle, integrated RFP software solution that does it all. By eliminating pain points related to knowledge management, collaboration, communication, quality control, vendor selection, and more, RFP360 designs, develops, and delivers a streamlined solution, making it easier for both buyers and sellers to request information and connect.
For RFP360, many of its prospective clients request completed security questionnaires before signing a contract agreement. This requirement slowed the company’s sales process, and could create a bottleneck for business operations.
“Financial auditors said don’t go down the SOC road unless you absolutely have to ,” said David Hulsen, RFP360 co-founder and chief operating officer. “But finally, our customers told us it would be a lot easier if we had a SOC 2 report to communicate our security posture. Plus, our business development team was consumed with security questionnaires.”
So RFP360 found an outside company that advised it to start SOC 2 compliance with a readiness assessment, then use a different company to help put together information for assessments, then find an auditor, and so forth.
Grounded in its belief that there had to be an easier solution to a complex process, RFP360 found a more efficient way to achieve its security goal. It partnered with Vanta and BARR Advisory (BARR) to streamline efforts and provide a roadmap to achieving SOC 2 compliance from start to finish.
Starting the process with Vanta, a company that automates security monitoring and prepares companies for security audits, helped RFP360 avoid any manual work, such as hosting auditors onsite and taking endless amounts of screenshots to prove compliance.
Vanta’s automation tools continually ran checks on its systems every hour to ensure RFP360 was set up securely and would remain secure well beyond their audit. Vanta provides customers with a list of platform trained preferred third-party auditor partners, like BARR Advisory, to perform the audit at a reduced cost.
“We interviewed three different auditors and when I met Brad from BARR, his approach sealed the deal. Plus, it turns out they are also located in Kansas City. BARR gave us a condensed audit window, which was very appealing. Using both Vanta and BARR was turnkey. The technology and tools both organizations brought to the process was a tremendous time saver and made it easy. The tools also reassured me our information would remain confidential and secure.”
The total cost spent partnering with Vanta and BARR was significantly lower in terms of time, energy, and money. RFP360 reduced the time and energy spent throughout the auditing process because its technical staff wasn’t inundated with completing security questionnaires. They were able to stay focused on their core job.
“The ROI for both Vanta and BARR was a no brainer,” said Hulsen. “We now have a full SOC 2 report and a scaled down version, which are offered up to prospective clients to view. Because of this practice, we’ve seen a 90 percent drop in security requests. I just send prospects our SOC 2 and there’s never any issue. Their response is always short and sweet, like ‘Great! Thank you!’ or “Our SOC 2 checks all of their security boxes.”
The auditing process has not only given RFP360 a tangible report that communicates its compliance and commitment to security, it has also instilled a security culture in the company moving forward.
“I’ve learned you can’t just turn your security mindset on and off,” said Hulsen. “Now I think of security all of the time, not just during the audit period. It’s part of my regular routine.”
Armed with a SOC 2, in addition to Vanta’s software continuously monitoring RFP360’s security and compliance controls (and it will continue to do so because they renewed their contract for 2021), RFP360 can feel confident their security is covered all 365 days of the year.
Contact us to learn more. Already a BARR client? Ask one of our associates how you can begin creating a case study with us based on your experience.