RFP360 Case Study

RFP360 uses BARR Advisory and Vanta to simplify the SOC 2 process and meet the security needs of its customers.

At a Glance

For any organization, the request for proposal (RFP) process can be both overwhelming and time consuming. For more than 10 years, leading organizations worldwide prefer using RFP360 to transform the RFP process—saving time, improving results, and driving revenue. RFP360 provides a full-circle, integrated RFP software solution that does it all. By eliminating pain points related to knowledge management, collaboration, communication, quality control, vendor selection, and more, RFP360 designs, develops, and delivers a streamlined solution, making it easier for both buyers and sellers to request information and connect.

Vanta, BARR’s compliance automation partner, is on a mission to protect consumer data and restore trust in internet businesses. Vanta partners with AICPA-affiliated auditors to guide the company through SOC 2 or ISO 27001 audits and package the results that can be easily shared with regulators and customers.

The Challenge

For RFP360, many of its prospective clients request completed security questionnaires before signing a contract agreement. This requirement slowed the company’s sales process and could create a bottleneck for business operations.

So RFP360 found an outside company that advised it to start SOC 2 compliance with a readiness assessment, then use a different company to help put together information for assessments, then find an auditor, and so forth. Grounded in its belief that there had to be an easier solution to a complex process, RFP360 found a more efficient way to achieve its security goal.

It partnered with Vanta and BARR to streamline efforts and provide a roadmap to achieving SOC 2 compliance from start to finish.

Financial auditors advised not to go down the SOC road unless you absolutely have to. But finally, our customers told us it would be a lot easier if we had a SOC 2 report to communicate our security posture. Plus, our business development team was consumed with security questionnaires.

David Hulsen
Co-Founder and COO

The Solution

Starting the process with Vanta helped RFP360 avoid any manual work, such as hosting auditors onsite and taking endless amounts of screenshots to prove compliance. Vanta’s automation tools continually ran checks on its systems every hour to ensure RFP360 was set up securely and would remain secure well beyond its audit. Vanta provides customers with a list of platform trained preferred third-party auditor partners, like BARR, to perform the audit at a reduced cost.

We interviewed three different auditors, and when I met BARR’s founder and president, his approach sealed the deal. BARR gave us a condensed audit window, which was very appealing. Using both Vanta and BARR was turnkey. The technology and tools both organizations brought to the process was a tremendous time saver and made it easy. The tools also reassured me our information would remain confidential and secure.

David Hulsen
Co-Founder and COO

The Results

The total cost spent partnering with Vanta and BARR was significantly lower in terms of time, energy, and money. RFP360 reduced the time and energy spent throughout the auditing process because its technical staff wasn’t inundated with completing security questionnaires. They were able to stay focused on their core job. The auditing process has not only given RFP360 a tangible report that communicates its compliance and commitment to security, it has also instilled a security culture in the company moving forward.

“I’ve learned you can’t just turn your security mindset on and off,” said Hulsen. “Now I think of security all of the time, not just during the audit period. It’s part of my regular routine.”

Armed with a SOC 2, in addition to Vanta’s software continuously monitoring RFP360’s security and compliance controls (and it will continue to do so because they renewed their contract), RFP360 can feel confident its security is covered all 365 days of the year.

Through its partnership with BARR and Vanta, RFP360 experienced:

A 90% drop in security requests;

Reduced time and energy spent on security issues; and,

A more efficient audit process and increased customer trust.

The ROI for both Vanta and BARR was a no brainer. We now have a full SOC 2 report, which can be offered up to prospective clients to view. Because of this practice, we’ve seen a 90 percent drop in security requests. I just send prospects our SOC 2 and there’s never any issue. Their response is always short and sweet, like ‘Great! Thank you!’ or that our SOC 2 checks all of their security boxes.

David Hulsen
Co-Founder and COO

Contact Us for a Free Consultation

We’re here to help you!
Speak with a BARR specialist about your security and compliance needs.