The RACI Chart: How to Respond Faster to Security Questionnaires
Security questionnaires come in hot during a sales cycle, often with hundreds of questions about mitigation tactics and breach management policies.
While customers must assess the security posture of a vendor before signing on the dotted line, these questionnaires can slow down (or even defer) the deal.
That’s why the sales engineering team at Clari uses a RACI chart to help clarify roles and responsibilities, answer questions more efficiently and effectively, and cross the finish line faster. 🏁
The results? Clari now completes security questionnaires in 2 days (when it used to take them 2 weeks).
Learn how you can also use a RACI chart to speed up your security questionnaire response process:
But First, What Exactly is a RACI Chart?
A RACI chart (a.k.a RACI matrix) is a useful tool in project planning that maps out who’s involved in doing what—and at which level. In other words, it’s a visual chart that establishes roles and responsibilities upfront for the various tasks and key decisions needed to complete a project.
The best part? A RACI chart provides much-needed clarity from the get-go. Instead of wondering, “who’s doing this part?” and waiting for the responsible person to raise their hand, team members know what they individually need to tackle ahead of time—and can move faster overall.
Psst … it’s especially useful to create RACI charts for complex projects involving several subject matter experts (SMEs) from multiple departments—like RFPs, RFIs, DDQs, and security questionnaires.
Another Acronym: What Does RACI Stand For?
RACI stands for Responsible, Accountable, Consulted, Informed.
Since complex projects (like security questionnaires) often involve many contributors, stakeholders, and other “interested parties,” the different roles and responsibilities can quickly become confusing. With a RACI chart, you never have to worry about team members working on the same task (or an executive divebombing in with a derailing opinion) because everyone knows the part they play.
They might be…
🧑💼 The Responsible One (Hands-On Team Members, Like a Sales Engineer)
This is the person responsible for completing each particular task. While there may be more than one person who can complete the task, it’s best to assign one responsible party to avoid confusion.
📋 The Accountable One (Project Manager, Scrum Master, or Sales Manager)
This person oversees the execution of project tasks, and ultimately, reviews work by contributors before marking it as complete. Again, it’s ideal if the accountable role goes to a single person because it could add unnecessary complexity if multiple project managers have a say in the approval process. In some cases, the accountable person might be the same as the responsible person.
💬 The Consulted One (I.T. Specialists, Legal Experts, or Compliance Consultants)
This person weighs in with their expertise to support the overall project—usually one of your subject matter experts, a specialist, or someone from a senior leadership or executive position (this is where the divebombing comes in). At Clari, the Chief Information Security Officer (CISO) is the consulted one for security questionnaires.
👂 The Informed One (Business Owners, Account Executives, External Stakeholders)
These are the people you need to keep in the loop on the progress of the project but don’t necessarily have to be involved in all of the details. On a complex project, you may have more people who need to be informed, like account executives (AE) and customer support managers.
Why Should You Use a RACI Chart for Security Questionnaires?
As a responsibility assignment matrix, you can use a RACI diagram to project manage your security questionnaires that involve multiple stakeholders. In other words, RACI charts help you smooth over unnecessary complexity and accelerate your approval process.
For example, it’s not uncommon for Clari to receive 120 security questionnaires in a single quarter (that’s a total of 5,000 questions to answer). 🤯 And stickhandling this influx can lead to common pitfalls, such as:
- Conflict or confusion when task ownership gets muddled
- Delays or misunderstandings in the review process
- Resentment when a workload seems unevenly distributed
Thankfully, Clari found 3 ways a RACI chart can be particularly useful for security questionnaires.
3 Ways to Use a RACI Security Questionnaire, Effectively
At Clari, the sales engineering team instituted the RACI chart to clarify project roles and responsibilities early on in the security questionnaire response process. After circulating it to all team members for buy-in and alignment, they’ve discovered three more ways to use RACI charts since.
-
Build Trust Through Project Communication
According to Forbes, 40% of workers say that poor communication reduces trust in their team. The RACI matrix can help solve this by providing two way communication on the progress of a security questionnaire response. For instance, you can invite those who are consulted to optional meetings or send project updates to the informed party. No one gets left in the dark.
-
Set Clear Expectations for Different Tasks
In times of confusion or push-back, the pre-determined RACI roles serve as a high-level foundation to review and re-establish alignment around any given task. For instance, if certain stakeholders become bottlenecks, you can remind them of their roles and responsibilities in the RACI matrix or move them out of the consulted and informed bucket if they need to be more actively involved in the project.
-
Lay a Foundation With New Security Engineers
Starting a role at a new company can be overwhelming. A responsibilities matrix helps to eliminate confusion when new hires respond to a security questionnaire for the first time because they know exactly what role they play, the final decision makers, and who they need to keep consulted and informed.
P.S. It’s important to note that RACI charts do not need to change per project—they are meant to act as a high-level foundation for all projects within the same category, like responding to security questionnaires.
Making it Real: Steal This RACI Chart Template for Security Questionnaires
Are you ready to create a RACI chart for your own team? Follow these simple steps…or copy the RACI chart example for security questionnaires below. 👇
- Create a table with the right amount of columns and rows
- Enter all project roles or team member names across the top row
- List all tasks, milestones, and decisions down the left column
- For each task, assign a responsibility value to each role or person on the team (R for Responsible, A for Accountable, C for consulted, I for informed)
The Task at Hand 📋 | Sales Engineer | Sales Manager | Security Officer | Account Executive |
---|---|---|---|---|
Receive and review security questionnaire | C | A | I | R |
Prepare technical documents | R | A | C | I |
Respond to sections | R | A | C | I |
Review and revise answers | A | I | R | C |
Submit security questionnaire response | C | A | I | R |
Want to steal (and customize) this RACI chart example?
Download this RACI chart template to establish clear roles and responsibilities for your team—and avoid wasting time wondering who’s doing what.