InfoSec for salespeople: 10 security terms you need to know to close the deal

July 16, 2021
5 min read

The most effective sales teams are constantly looking for ways to make the buyer journey as seamless as possible, which means making adoption of your product simple and easy.

Whether you're selling to SMB, mid-market, Enterprise, or a combination, being able to clearly communicate your company's security program has become table stakes for buyers to be able to work with you.

So, instead of delaying deals late in the sales cycle with lengthy, complex InfoSec processes, how can you train your sales team to lead with trust early and often?

Helping your sales team understand commonly referenced security terms can help improve the way your team speaks to trust. Doing this with confidence will build customer trust early - ultimately helping you shorten sales cycles, improve win rates, and help you reach your revenue goals.

Here are the top ten terms that your sales reps will typically be asked about in the sales cycle:

1. GDPR

If you sell to international clients or to clients with international customers, GDPR will come up in every deal. GDPR stands for the General Data Protection Regulation, an EU law on data protection and privacy in the European Union and European Economic Area (EEA) that also governs the transfer of personal data outside the EU and EEA. In short, it was designed to give citizens more control over their personal data. Although you must only adhere to GDPR if you are processing data of EU citizens, it has become a common, universal standard.

What clients want to hear: that you are GDPR compliant.

What is compliance? As a business, you are collecting, storing, and managing personal data safely and securely. Companies can face penalties not only for their own data breaches, but also for their clients' misuse of data, which is why they'll go the extra mile to make sure you're up to par on GDPR standards.


2. Data Encryption

A common question from security teams is "how is your data encrypted?" What they ultimately want to know is how stored data is protected both at rest and as it moves from one location to another (in transit). Data encryption transforms your data so that it is only readable with a secret key, which adds another layer of protection in case an attacker gains access to the stored data: without the key, the data is still protected against exposure.

What clients want to hear: that your data is encrypted at rest and in transit.


3. Pen Test

Penetration tests, or pen tests, are designed to evaluate your security infrastructure by attempting to exploit vulnerabilities in your systems. In other words, pen testers see how easy it is to break into your systems by identifying weaknesses or easy entry points. Typically clients will want to see that you are performing these regularly.

What clients are looking for: Pen Test Results (typically from a third party).


4. SOC 2

SOC 2 is a compliance framework developed by the American Institute of CPAs (AICPA) as part of its Service Organization Control reporting platform. Its intent is to ensure the safety and privacy of customer data, and it evaluates companies according to a set of trust principles. When a company requests a SOC 2 Type II report, they are essentially asking to view your audit report, which outlines how you safeguard customer data and how effectively your controls operated over the audit period against the criteria of this framework.

What clients are looking for: SOC 2 Type II Report.


5. ISO 27001

When you're asked about ISO, your prospect is usually referencing a certification, most commonly ISO 27001, though there are many other ISO certifications. ISO 27001 is an international standard on how to manage information security, originally published jointly by the International Organization for Standardization and the International Electrotechnical Commission in 2005 and then revised in 2013. For a company to be ISO 27001 certified, it must complete an audit and certification process with an accredited third-party certification body.

What clients are looking for: ISO 27001 certification.


6. Business Continuity Plan

While it's unlikely you'll be asked to speak to this in great detail, most clients will at least want to see your Business Continuity Plan (BCP). This is a document that outlines how your business will continue operating during an unplanned disruption in service. It contains contingencies for business processes, assets, human resources and business partners – every aspect of the business that might be affected. In other words, customers want to know how their business, customers, and work are affected when yours is disrupted.

What clients are looking for: Business Continuity Plan.


7. Disaster Recovery Plan

Similar to a BCP, a Disaster Recovery Plan (DRP) is a document that outlines your company's response to unplanned incidents such as natural disasters, power outages, cyber attacks and any other disruptive events. The DRP contains strategies for minimizing the effects of a disaster so that the company can continue to operate or quickly resume key operations.

What clients are looking for: Disaster Recovery Plan.


8. Subprocessor

Every company utilizes a suite of systems to power their business, most of which store data and process information. These third-party data processors are known as subprocessors, as they either have access to or process customer data. When a company is evaluating you, they are responsible not only for ensuring that you meet their trust requirements, but that each of your subprocessors meets those requirements as well.

What clients are looking for: a list of your subprocessors, typically published in your Trust Center.


9. SSO

SSO refers to single sign-on, an authentication method that lets users log in to several independent but related systems with a single credential, without re-authenticating for each one. Since most of us reuse the same few passwords across many, many apps, SSO lowers the risk of credential-based attacks. So when a client asks about SSO, what they are really asking is: "Can I use my existing identity provider (e.g. Google) to log into your application?"

What clients want to hear: that your application supports SSO.


10. Trust Center

Buyers need to know you can meet their trust requirements before they can work with you. Traditionally these conversations are held far along in the sales cycle, after budget, timing, and vendor of choice have been settled. The process for establishing trust is traditionally messy and outdated, and it lacks visibility and transparency.

A Trust Center is a single hub for easily communicating trust information to all stakeholders. An effective Trust Center enables customers to easily access the most up-to-date trust information about your company, and saves your technical team the time spent answering the same questions over and over. If done right, building trust early can even reduce the number of information security reviews your team needs to complete. Utilize Trustpage to power your Trust Center - claim yours here.

What clients are looking for: a Trust Center on your website.

Learning to speak the security lingo not only builds confidence in the sales cycle, but also lets you lead with trust early and often. Teams who master this art not only improve win rates and increase revenue, but truly become leaders in making customer adoption as easy as it should be. Lead with trust, sell with ease.


What are the terms coming up for you most often? Did I miss any? Let me know.


Shift Left: Turn Security into Revenue and join the security revolution.
