The VSA is a super new group called the Vendor Security Alliance. As soon as I read this article about it Link, I realized it was a great idea for all Software as a Service (SaaS companies) and will help get cloud service contracts signed. And hey, as attorneys that help SaaS companies get SaaS contracts signed, we were very excited. So here is our thinking:
- What is the VSA?
- Here is their quote: “In collaboration with the VSA, top security experts and experienced compliance officers will release a yearly questionnaire to benchmark their risk. Companies can leverage this questionnaire to qualify vendors and ensure the appropriate controls are in place to improve security for everyone.”
- The questionnaire is only stage 1, as it appears that they plan to come up with a VSA certified score. This scoring system could really help SaaS companies communicate their security practices.
- Security issues are the #1 due diligence item we see in SaaS deals.
- Security due dilligence is really slowing deals up, and the level of detail required to close a deal keeps increasing. In fact, info sec managers and directors at customers are on more and more conference calls during the contracting process and asking lots of questions.
- It is not a bad thing, in fact it is a good thing, but we have to find a technological way to speed this process up. Hello VSA!
- The VSA process (if it works and is executed well), could provide an efficient