Back to Blogs

How iovation Manages Their RFP & Security Assessment Response Process


iovation is a fraud protection and authentication company that helps clients improve operational efficiencies and cut losses by preventing fraudulent and abusive financial transactions. Being a company that specializes in fraud protection, iovation sees its fair share of Security Assessment requests.

Tanner Volz, Technical Content Manager at iovation, has worked on RFP, Security, and Compliance projects for over 3 years. He came into this role with 18+ years of experience in Technical Writing.

In this post, Tanner shares his insights into why Security is critical to the sales cycle and how iovation manages the process of responding to RFPs and Compliance and Security Questionnaires, referred to throughout this post as Compliance Projects.

Understanding Security Assessments in the Sales Cycle

Security is at the core of any SaaS business, with prospects and customers seeking assurance that their vendors are protecting any confidential data that they host. For companies like iovation that work in the Security space, their own Platform Security becomes even more critical. These companies have to demonstrate that they hold their internal Security practices and systems to the highest standards. iovation regularly completes Compliance Projects both in response to new opportunities and as part of periodic Security audits for their existing clients.

To Respond, or not to Respond

It is sometimes impossible to respond to every RFP and Compliance Project that you receive; for new opportunities, you must prioritize work that is most likely to help win important deals. It all comes down to quality over quantity.

That's why it is critical to vet every project to ensure that the company uses its resources efficiently. Before sending an RFP or Compliance Project to Tanner, iovation’s Sales and Client Management teams review whether the benefits from the opportunity outweigh the resources required to respond to it.

Managing a Global Security Team 

iovation’s “back-office” team that completes Compliance Projects is global. Frequent communication is crucial to their success. To ensure that everyone across the team is aligned, Tanner holds frequent meetings during active projects – at least weekly. Once a project is scoped out, the team allocates resources, determines timelines, and creates a project plan.

iovation uses Loopio to manage their responses to Compliance Projects. Once they load a project into Loopio, all involved team members have full visibility into its progress. In addition to tracking their progress in Loopio, the team has regular phone calls with their sales representatives and also send out weekly updates to communicate the status of the project.

Challenges of Selling Globally 

Selling globally presents unique challenges since Security Assessment requirements often vary across the globe. Clients want to know whether the vendor complies with regulations specific to their location. For example, a client in the UK or the European Union would want to know if a US-based vendor meets the demands of the Privacy Shield agreement, which requires segregation of all client data. It is important to have responses tailored to the needs of clients in a particular country or region.

Staying on Top of Industry Trends 

Beyond staying on top of the Security regulations, it is important to pay attention to trends that might affect your product. One example of a major trend that Tanner has seen recently is the increasing importance of encryption and business continuity.

Even though Security is an inherent part of any SaaS company, clients still want to be assured that their data is being stored and transmitted securely. They need to know that, when an incident such as the recent AWS outage happens, vendors have proper failover policies in place.  

Tanner also notes that it is important for the RFP team to proactively communicate any changes that they see in the Compliance Projects requirements to their product team because it might signal a need for change to the product and/or messaging to prospects.

Selling to Different Audiences 

In addition to being tailored to client’s particular country or region, content needs to be audience-specific. When responding to a request, it's important to keep in mind the fact that you are selling to different groups of stakeholders. RFP responses tend to be written for the business audience. This audience wants to understand how the product or service solves their problem. RFP responses, therefore, will include standard messaging that addresses the needs of the client as a business.

A more technical audience (IT or Security departments), however, reviews the responses to Compliance or Security Questionnaires. These responses need to provide the facts without any “padded” messaging.  

Time-Saving Tactics 

Since Compliance Projects are such a core component of iovation’s sales cycle and responding to them can take up a lot of resources, the team utilizes several time-saving tactics:


Standardized Information Gathering (SIG) Questionnaire “is a compilation of questions to determine how information technology and data Security risks are managed across a broad spectrum of risk control areas.” Sending SIG questionnaires to clients who accept them instead of customizing Security Assessments helps save significant time.

Subject Matter Experts (SMEs)

At iovation, a Compliance Project can require input from many departments across the company: finance, IT, R&D, etc. Tanner takes advantage of larger projects that spark engagement from Senior Executives and Subject Matter Experts to capture their knowledge and feed it back into iovation’s Loopio Library. This helps to keep content updated and enables his team to be self-sufficient when they complete smaller projects.

Power of the Phone Call

Never underestimate the power of a phone call! Questions in Compliance Projects can be confusing or vague, requiring clarification. What does your client consider to be sensitive data? Does a question have to do with internal Security or client Security? Sometimes the best way to know what the question means is to pick up the phone and talk to the client. Having a call instead of an email conversation helps speed up the response process.

In Conclusion

Despite all the complexities around working on Compliance Projects, they remain an important part of the sales cycle for most SaaS companies. When responding to Compliance Projects, you need to be aware of who your audience is and what Security needs they have. Communication, both within your team and with your client, is also vital to successfully responding to these Questionnaires.

About Tanner Volz

Tanner Volz

Tanner Volz is the Technical Content Manager at iovation and has been the lead for RFP, Security, and Compliance projects for over 3 years. He came into this role with 18+ years of experience in Technical Writing.

Download Resource

Recommended Reading
Back to Blog