We’ve seen that look before—eyes glazing over as soon as the talk turns to phrases like “security,” “RFP,” and “It’s not lunchtime yet.”
However, if you’ve got some great new solution that you’re just dying to get implemented within your organization, you’re going to have to get real comfortable with these and other terms.
If you’re starting to feel like you’re in over your head, we’re offering you a hand in the form of this quick and easy cheat sheet that will help you anticipate the questions your IT team is inevitably going to ask during the approval process.
Basic Terms to Know: RFP and Security Questionnaire
As we mentioned earlier, “RFP” and “security questionnaire” are prominent pieces of lingo that are likely to come up in your journey toward (hopefully!) getting your solution approved.
An RFP, or a request for proposal, is a document that aims to lay out all the requirements and needs that will come up during the course of a project. Many of your larger, organized IT teams—and leadership teams, for that matter—will want to see an RFP to get a better idea of the goals and timeline of your proposed technology implementation.
RFPs also give contractors, agencies, and other vendors the details they need to create an accurate bid to provide services for your project.
A security questionnaire is pretty much what it sounds like—a list of questions related to the security of your proposed solution. IT teams used these all the time to collect information about a piece of technology so they can make important judgment calls about how secure it is, how well it’ll fit into your current tech stack, what impact it will have on your business goals, and more. And good thing they do, because some business solutions take security more seriously than others.
Depending on the complexity of the solution you’re proposing, as well as the size of your company, these questionnaires can get pretty detailed—so make sure you keep reading for our advice on what info you need to start gathering pronto.
Key Information That Will Help Get Your Solution Approved
For now, let’s say you’re trying to implement a mid-complexity project at a mid-sized company. Here is some of the most important information you’ll want to have on hand when it comes to filling out a security questionnaire for your new technology proposal:
- Vendor’s name
- Vendor’s security contact
- Which internal teams will use this solution?
- Which of your systems will integrate with this solution? Consider Salesforce, SSO provider, email servers, etc.
- Attestations (SOCII, HIPAA, etc)
- Links to the vendor’s privacy pages or documents
- Links to the vendor’s security pages or documents
- What types of customer information will this system have access to?
- What types of company information will this system have access to?
- Will the solution have access to production data?
- What’s the proposed timeline for the project?
- Any other specifics related to the solution at hand (For example, if you’re proposing an eSignature solution you’d want to be prepared to share specific compliance, security, privacy, and other details.)
Most likely your IT will require more (or perhaps different) information than this, but it’s a great start. As always, remember that IT is your enabler, not your blocker. Make sure you give them the communication and context they need. For more tips on how to make sure to check out “How to Make the IT Approval Process as Painless as Possible.”
Additional Resources to Check Out
Haven’t had enough yet? Awesome—we can already tell you’re technology proposal is gonna be a hit!
If you’re ready to keep studying, check out this example of a security questionnaire. Also, go ahead and visit the last few posts in our series on enabling technology advocates to successfully introduce new solutions to their team: How to Champion New Technology to Internal Stakeholders and How to Make the IT Approval Process as Painless as Possible.
We hope this succinct guide gives you the confidence to crush it when it comes time to actually put your proposal in front of your IT team. And now, we wanna hear from you! What technology solution are you trying to get approved? Is there any other key information you think we should include on this list?