How to Use a RACI Chart to Upgrade Your Security Questionnaire Response Process

The Loopio Team

Time and time again, teams run into confusion and conflict when it comes to responding to RFPs and Security Questionnaires because there isn’t enough clarity on who is responsible for doing what. The use of a RACI chart to project manage the response process can provide some much-needed relief and clarity.

Ben Chen, a Security Engineer at Clari, is a big fan of establishing processes that get his team to the finish line as quick as possible. That’s why Ben implemented the use of a RACI chart in his Security Questionnaire response process.

A RACI chart is a matrix used to establish roles and responsibilities for the various tasks and decisions on a project. It is especially useful in complex projects involving a number of subject matter experts (SMEs) from multiple departments– like RFPs, RFIs, DDQs, and Security Questionnaires! A RACI chart maps out who is involved in each project task, and at which level, to establish from the get-go who is doing what. Having this kind of clarity is key for scaling processes and will help your team move faster overall.

What does RACI stand for?

RACI stands for Responsible, Accountable, Consulted, Informed. Let’s quickly detail each one.

Responsible – This is the person completing each task. In Ben’s case, when responding to Security Questionnaires, he is responsible.

Accountable – This is the person who reviews all work completed by other stakeholders and ultimately deems each task complete. In some cases, like Ben’s, they may be the same person who is Responsible.

Consulted – This person is the expert or specialist who weighs in with their opinion to support the overall project. In some cases, this may need to be a senior leadership or executive position. In Ben’s case at Clari, the Chief Information Security Officer (CISO) is consulted.

Informed – These are the people who need to be kept in the loop on the progress of the project but not necessarily involved in the details. At Clari, the account executives (AE) and customer support managers (CSM) who hold the account are informed.

Why use a RACI chart for Security Questionnaires?

A RACI chart can be used to project manage almost any kind of project involving multiple stakeholders. Ben finds it particularly useful when responding to Security Questionnaires as these projects often run into the following obstacles:

  • Communication on task ownership get muddled and can lead to conflict or confusion
  • There are delays or misunderstandings in the review process
  • The workload feels like it’s unevenly distributed

How to use a RACI chart

Ben instituted the RACI chart to determine project roles and responsibilities early on in his process.  It was circulated to all team members involved for buy-in and alignment, and generally speaking, hasn’t changed. It’s important to note that the RACI chart does not change per-project, it is meant to act as a high-level foundation for all projects within the same category (like responding to Security Questionnaires).

Leverage it in all project communication

Fifty-nine percent of workers in the U.S. say communication is their team’s most significant obstacle to success, followed by accountability (29%). The RACI matrix can solve for this by being baked into the communication and meetings for a project. Invite those who are consulted to meetings optionally, send those who are informed meeting notes and project updates.

Use it in tough conversations

In times of confusion or push-back, the chart serves as a high-level foundation to review and re-establish alignment. If certain stakeholders are bottlenecks, perhaps they should be moved to informed rather than actively being involved in the work on the project.

Set the foundation with new hires

Setting these roles also makes onboarding and RFP training for new team members more effective. When it comes to responding to an RFP or Security Questionnaire, they know exactly what role they play.

“If you don’t lay down the overall expectations during training and get alignment across departments you won’t get adoption.”
Ben Chen, Senior Sales Engineer

A RACI chart example for Security Questionnaires

Here are the simple steps to creating a RACI chart, along with an example:

  1. Enter all project roles or team member names across the top row
  2. List all tasks, milestones, and decisions down the left column
  3. For each task, assign a responsibility value to each role or person on the team
example of raci chart for security questionnaires

Other ways to use a RACI Chart

There are endless projects where a RACI chart would come in handy. Ben also uses them for proactive proposals, portal RFPs, and even security questions that come in through email. You can use RACI charts to project manage steps in the sales cycle, or product development initiatives or even hiring new team members.

Stay in the Loop.
Get Loopio Updates.