Imagine a world without security questionnaires….we’re not talking about a world without security reviews: just a world where it’s possible to establish trust with your vendors, without the need for lengthy questionnaires.

Conveyor is on a mission to get us to that future. In talking with hundreds of security professionals, we’ve come to understand a few fundamental truths. 

The way companies build trust is broken.

  1. Security questionnaires suck
  2. Reviews take too long
  3. No one is really any safer as a result

Enter Conveyor’s Vendor Trust platform. 

Built with the help of our customers and early-access partners, our Vendor Trust product helps organizations assess the security posture of their vendors, without issuing questionnaires or undergoing lengthy back-and-forth email chains. Designed to work within your existing processes, Conveyor helps you supercharge the initial stages of vendor reviews. 

Designed to work with your existing tools & processes, Conveyor fast-tracks the initial stages of a vendor security review.

Assessing your vendors can now be done in a few simple steps:

  1. Upload your vendors’ security documentation (SOC 2, pen test reports, etc)
  2. Select the questions & controls you care about
  3. Review the answers and accept or flag anything that needs follow up! 

Sound interesting? Read below for more information on each of these steps, and click here to sign up to start using it today!

4 steps to assess your vendors — no questionnaires required

1. Upload your vendors’ security documentation

This step is pretty self-explanatory. If you’ve already received your vendors’ SOC 2 Type II, pen test reports, or other security documentation, simply load it into the Vendor Review portal and we’ll do the scouring for you. 

We’ll summarize the highlights such as: 

  • Who was the auditor?
  • What services are in scope? 
  • Is the report up to date?
  • What are the exceptions, if any?

Getting all of the highlights in an easy-to-consume format saves you hours of reading through lengthy text, when all you want to know is what’s relevant to you.

2. Configure your list of questions & controls

Speaking of what’s relevant to you, we need to know that! Every company has different questions and controls that matter to them, so this is where our solution shines: we take your inputs (the docs, as well as your questions and controls) and we get you the answers to the questions you care about. This saves you time, as you don’t have to wait for your vendor to respond to your questionnaire. And, Conveyor cites the exact location(s) where we sourced that answer, giving you a more thorough, in-depth look at your vendors’ security posture. Click and you’ll be taken directly to the spot in the document where we found the answer so you can check our work 😉.

This is one of the aspects of the solution that customers like the most — not just the time savings, but the thoroughness of the assessment.

3. Release ConveyorBot!

ConveyorBot finds the answers to your questions, flags issues for your attention, and emails you when your results are ready for review.

4. Review the answers to your questions

Now that you have the answers (and locations) for all of your questions, Conveyor’s Review module makes it a breeze to review answers and accept, and notes, and/or flag for follow up. We’ve done the work of flagging where the answer(s) don’t meet your control requirements, so all you have to do is decide whether or not you want to accept the exception, or go back to the vendor for more information. 

BONUS STEP: Schedule your next review!

OK, so we threw in a bonus step here. But it’s worth mentioning that security reviews are not a “one and done” exercise. You likely want to review some vendors again in 6 months, some in a year, or some in a few years. Conveyor makes it easy to schedule your next review with our drag-and-drop feature, so you have a full view of all your upcoming reviews.

Seriously, scheduling school pickup and soccer game carpooling should be so easy. 

Get started today

Conveyor is on a mission to make security reviews, fast, frictionless, and accurate for teams on both sides of the process. The up-front assessment is often the most time-consuming part of a vendor review. We take out the delays associated with finding the right contacts, requesting information, waiting for answers to your questions, and manually going through multiple data sources. We get you the information you need (based on your unique business case) so you get the most complete, thorough review without manual, repetitive work. No questionnaires required!

Conveyor’s Vendor Trust platform is now open for early beta access. Click here to log into the Vendor Directory, and click on "start a review" on any vendor to get started!