If your company shares information with other organizations, you probably have to fill out annual security surveys to show that you’re doing your due diligence to meet compliance standards such as PCI, HIPAA, SOC, NIST or ISO. It’s not fun, but it’s part of the cost of doing business. But how high is that cost, and how high should it be?
Most companies invest as much as a full day filling out each security survey. If you’re like most companies, you have five to ten security surveys to fill out each year. Some companies have scores of surveys to deal with annually. That’s a lot of time to be working on another company’s project.
The Pain of Security Surveys
The problem with security surveys is that there is no standard way of doing it. Every organization does it differently, so you can’t simply send out a boilerplate set of responses. You need to accommodate each organization’s quirks.
Although security surveys generally ask for the same information, every company has their own version they have created. The questions are worded differently from survey to survey, and they’re in a different order. They also come in myriad formats—everything from online Google docs to downloaded Word files to spreadsheets or PDFs. You might even get the questions in the body of an email.
On top of that, each organization wants your responses delivered in a certain format. For some, a PDF is fine. Others want your answers pasted into their spreadsheet or Word doc or proprietary third party system.
Internally, you have your own speed bumps that complicate things. Every time you respond to a survey, you’re writing the responses from scratch. That means there is no consistency from year to year or survey to survey. Sometimes your responses will be more complete and informative than other times. You’re also reinventing the wheel with every security survey.
That translates to a big time investment. The time to respond to a single decent sized security survey is easily five or six hours. It could be as much as eight or ten if you don’t have all the information you need at your fingertips. When you’re done with the survey, someone will need to spend time reviewing it.
All that time is spent working for another organization.
The cost of doing business can be expensive. But TCT Portal was built to cut your costs, and our Public Reporting feature can make those costs nominal.
TCT Portal Makes Surveys Simple
TCT Portal’s Public Reporting feature gives you a standard process and consistent responses, while cutting your response time to just a few minutes per survey. Here’s how it works:
- Under each applicable compliance requirement, enter the information that will be needed to answer a publicly facing survey question for that requirement.
- Save a survey response framework for that company.
- When you receive a company’s survey for the first time, configure the relevant information into the TCT Portal’s Public Reporting area for that survey response. Organize the list of responses in the order the survey questions appear.
- Generate a PDF and send it as your survey response. If the target organization wants your responses in their mandated format, you can copy/paste from the PDF or have an admin take care of it.
- Reuse the framework next year. You might need to make some tweaks if the survey has been updated from the previous year, but that’s all you’ll need to do as most of the work is already done.
You can create a separate framework for every company that sends you surveys. The process will take less than an hour the first time you do it, and just a few minutes each year after that. TCT Portal gives you a sane process, consistent responses and a set of frameworks that are customized for each survey. You can even assign the task to an admin and you won’t need to do any QA reviews.
Related: Discover how much money TCT Portal recovers for your company
Cut the Costs of Doing Business
Filling out security surveys is part of the cost of doing business, but that doesn’t mean you have to pay through the nose. Cut your survey time dramatically, and streamline the process to make it trouble free.
Total Compliance Tracking was built to pull back the curtain on compliance, bring clarity and make the path easy to follow. Public Reporting is just one way we make that happen. If you’re ready to end the compliance chaos, TCT Portal may be the solution you’ve been looking for. Schedule a personalized tour today.