How to Avoid Common Cybersecurity RFP Pitfalls: Part 1

At Trustwave, we see scores of requests for proposal (RFPs) in all shapes and sizes, originating from nearly every conceivable industry, seeking solutions to their specific security challenges and desired business outcomes. To help those issuing the RFP and the vendor on the receiving end, I’ve drawn up some simple guidelines to follow that will help your RFP process run smoothly.

It’s no secret that RFPs are a common way for organizations to collect critical data required for their procurement processes, but for vendors, responding to an RFP rarely inspires joy. Instead, the RFP process often necessitates cross-organizational collaboration and significant internal resources from a responding vendor. 

The real problem is that the company issuing the RFP regularly, if inadvertently, introduces inefficiencies into the RFP process that ultimately result in the issuing organization receiving neither the information nor the outcomes it is trying to achieve.

As we all know, the RFP process is always evolving, and at some point, the project’s requirements will evolve or even drastically change. Often, a change at the workshop stage will uncover additional requirements that may differ from the initial RFP and potentially change its scope entirely.

So, before putting out an RFP, consider the following steps that will help avoid some common pitfalls that could lead to an eventual negative outcome:

Decision By Committee

Committees are great for solving many problems but not necessarily for the RFP process. Try to ensure that the people involved in the process understand what is being sought.

Here is a simple guideline to follow that will help create a proper RFP.

  • Is the correct and relevant information in your document? Procurement best practices for buying printer ink do not always translate well to security services; ensure all relevant parties are represented.
  • Are the key requirements captured and communicated clearly in the document?
  • Does the final document concisely outline your needs, or is it a wish list? 
  • There have been countless RFPs in which a ‘mandatory’ requirement was, in reality, only a preference. 
  • Be accurate and specific: you could miss out on a best-fit vendor’s bid due to a simple discrepancy in information.
  • Be sure to detail any additional requirements added to the RFP after internal discussions.

One Document, 10 Authors

Multiple authors seldom lend themselves to a well-written document.

In the end, ensure the document flows well and is worded concisely. 

Even at the Super-Mega-Corporate-Corp, the supplier is still only human, so a human should be able to read and understand your RFP. If you use a team to build your RFP, are requirements being repeated? We often see the same question asked in different parts of the document, which can confuse both the responder and the issuer. 

Make sure the document answers the pertinent questions. For example, are you driving the conversation to the business problem or the risk you want to reduce, or are you writing a wish list? Make sure to note the value of the RFP and its responses to your organization.

Beware of Third Parties 

Sometimes it might seem logical to bring in a third-party consulting firm to help with your RFP process. But beware: this process can sometimes lead to a very costly document the size of War and Peace.

Additionally, an outside source may lack the necessary understanding of your environment to create an efficient RFP, so make sure the documentation mapped out unequivocally fits your needs.

However, with all that being said, good consultants are worth every penny, so be sure to vet any organization you hire.

Stakeholder Involvement

One error clients often make is not involving the correct stakeholders from the start of the process. For example, if procurement personnel are not involved from the beginning, vendors often find themselves having to start from scratch. This situation is often created because the procurement person does not understand the solution. 

However, if procurement is brought in and included in the workshops and presentations at the start, they will understand the process, negating any unnecessary repetition.

The same holds true for the legal team. If this team is reviewing the service descriptions, it needs to understand the service and the business outcome to help avoid confusion.

Is Accuracy Everything?

Complex security solutions such as MDR (endpoints, servers, infrastructure, etc.) span your entire estate, so obtaining an accurate count can be difficult, but this might not be as important as you think. 

This may sound counterintuitive, but don’t worry about the counts being accurate. Instead, providing the same numbers to every vendor is more important to ensure their estimates are apples-to-apples comparisons across respondents, even if the pricing is estimated.

Make certain to clearly document and call attention to any assumptions you’re making within the RFP to avoid confusion or miscommunication.

While this is by no means an exhaustive list, it illustrates how a vendor/service provider might receive an RFP and the challenges they commonly face when attempting to put forth a thorough and competitive response.

More often than not, the individuals representing vendors and suppliers want to keep their clients happy and help them succeed. If everyone is committed to improving communication throughout the RFP process, we could create efficiencies and increase successes across industries.

Try implementing a few of these suggestions when building your next RFP, and you may find yourself with better, more accurate responses that ultimately lead to your desired outcomes.

The Trustwave Advantage

Trustwave’s experts are on hand to offer guidance on a wide range of services, including:

If you would like to talk to our dedicated RFP team about your current or future RFP plans, feel free to get in touch at rfphelp@trustwave.com.

Read part 2