At what stage of the sales process should you share security information?

Security and data privacy has become a huge part of the B2B buying journey. More and more, enterprise clients are looking for SaaS providers that take security as seriously as they have to. The question is, when should you bring it up? How early in the sales conversation is it worth discussing that you’re SOC 2 compliant or that you’ve rolled out a robust data security program? 

The answer is that you should be talking about it early and often. Here’s why: not only will it help build trust with your prospect, it will also make it easier for them to go to bat for you in the procurement process because you’re already ticking important security and data privacy boxes. 

Below, we outline some of the opportunities and methods for sharing your security posture with prospects. Take a look.

Before the first conversation

Your sales team likely does a lot of outreach to engage with potential customers — and that’s great. Your outbound sales tactics lend themselves really well to introducing your security posture. But what happens with your inbound leads? Is it easy for someone who’s arrived at your website or social media channels to know where you stand on the security front? 

Where possible, it’s valuable to share as much information as you can about your approach to security and data privacy. This way, you can proactively answer any questions your prospects may have and ensure they don’t automatically take you out of contention because they can’t find anything about your security practices. 

The companies that do this best use a variety of methods. For starters, you could have a landing page dedicated to security and data privacy. This would include any policies that can be shared publicly, regulatory compliance certifications, and any other relevant details. You can also use your blog, social media channels, and conference presentations to share any updates regarding compliance, your overall approach to security, or why security is important in the industry you serve. 

Beyond ticking boxes for buyers that are doing their research, this will also be an indicator that your company takes security seriously, thus building trust with the prospect. 

During the first sales conversations

The next important touchpoint in the sales process where it’s worth bringing up security is the first conversation with a prospect. As part of their call script, business development reps should have talking points that address security, data privacy, and any compliance efforts that your company has made. Then, during subsequent sales calls, account managers should have a couple of slides in their presentation dedicated to security. 

These talking points should also be included in any sales collateral that’s shared with the prospect, so that they have that information to hand as they talk to other stakeholders within their organization. 

During the procurement process

Once the prospect is ready to pull you into their procurement process, it’ll be on them to bring up the question of security — and this often takes the form of security questionnaires. 

Sales reps for SaaS vendors know the burden of a long security questionnaire. These long lists of questions take a significant amount of time to fill out, often requiring input from the security and legal departments. They’re also not consistent from prospect to prospect, so even if you do have a bank of answers, the responses need to be checked for correctness and completeness every time.

One workaround for this is to become SOC 2 compliant and share your SOC 2 report instead. A passing grade for a SOC 2 audit shows that your company is abiding by security and data privacy best practices, and therefore answers most (if not all) of the questions that appear on a security questionnaire. 

The thing to remember here is that your SOC 2 report is not a document that can be shared publicly. As such, you’ll need to get an NDA signed by the prospective customer before you can send it over. Pima makes this easier than ever, reducing the back and forth that typically goes into getting an NDA signed, and immediately (and securely) sharing your documentation once the individual has signed. 

Making security a core part of your business

We’ve said it before and we’ll likely say it again: to truly be successful as a B2B SaaS vendor that serves enterprise customers, security needs to be a core part of everything you do. Your executives need to lead by example. Your marketers need to tell stories about your security posture. Your sales reps need to be equipped with the right information to prove your commitment to security — and they should be able to share those details quickly and easily. 

Living and breathing security will be a core driving force to becoming a top vendor with your target customer audience. So, make sure you’re always ready to talk about it, regardless of what part of the sales journey you’re on.

‍At Pima, we’ve made it easier than ever for SaaS vendors to share security information quickly and securely. Learn more about our product on the homepage.