THE RFPIO BLOG

Start Responding Like a Pro

The RFPIO blog is full of insights and best practices, giving you the tools you’ll need to streamline your process and respond with confidence.

10 ways RFPIO customers can strengthen security

$4.35 million. That’s the global average cost of a data breach in 2019, according to Statista.

So it’s no wonder that companies invest heavily in cybersecurity. By 2025, it’s expected that annual global spending on cybersecurity products will exceed $460 billion—and this trend is only expected to continue on its upward trajectory.

If you’re storing company information in RFPIO to streamline your RFP responses, I have good news: RFPIO has state-of-the-art security controls to protect your data. Even so, there are still extra things you can do to further protect your information.

Here are 10 things you can do to further strengthen security in RFPIO:

1. Use SSO: A Sweet Security Option

SSO stands for Single Sign-On, but it is also a super sweet security option. RFPIO uses the most widely accepted industry standard, SAML 2.0.

With SSO, RFPIO users use the credentials they already have to sign in. That means they don’t have to remember (yet another) separate user ID and password—and Admins don’t have to take on the responsibility of managing user credentials.

SSO isn’t just convenient. It’s also more secure. When you use SSO, passwords aren’t stored in the browser and there’s a lower risk of a lost or forgotten password. This prevents security gaps that hackers will exploit to gain unauthorized access to the application.

Additionally, SSO allows Admins to manage user activities in real-time, which gives you the extra visibility you need for a tightly run security program.

2. Automate user management with SCIM

SCIM stands for System for Cross-Domain Identity Management. Luckily, it is not as complicated as the 13-syllable name would have you believe.

In a nutshell, SCIM simplifies user management. If SCIM is enabled, users can be added or deleted automatically. It’s as easy as that.

On the one hand, SCIM makes life much easier for Admins. No more manually adding and deleting user accounts.

But it’s also important from a security perspective. With SCIM, user accounts are automatically deleted as soon as employees leave your organization, which means employees won’t have access to sensitive company information after they’ve left.

SCIM happens through SSO and is supported by OneLogin and Microsoft Azure. If your identity provider supports it, I highly recommend implementing SCIM—both for the added convenience and peace of mind.

3. In lieu of SSO, use 2-factor authentication

If your organization doesn’t use SSO, I would recommend you set up 2-factor authentication as an additional layer of security.

If you’ve ever had a code sent to your email or phone, that’s 2-factor authentication. After a user enters their username and password, 2-factor authentication prompts users to enter a valid key or code.

2-factor authentication prevents an unauthorized person from accessing data. Even if a cyber attacker learns the login credentials, they will not be able to access the code for 2-factor authentication.

RFPIO supports 2-factor authentication through Google Authenticator and Duo Mobile.

4. Control access with User Roles

With User Roles (default) and Custom Roles (customized), you can define what users can see and do, and ensure users only have access to the data that’s relevant to them. This is key for security. When you reduce the number of people with access to sensitive data, you minimize the risk of leaks.

RFPIO’s out-of-the-box user roles include Super Admin, Admin, Manager, Team Member, and Project Requester. With Custom Roles (available as an add-on, or included with the enterprise package), you can create your own roles that make sense for your organization, for example Content Owner, Reseller Partner, or Project Contributor, but really it can be whatever you want. The world of custom roles is your oyster.

Read our Help Center article to learn more about specific permission levels for the out-of-the-box user roles (RFPIO customers only).

5. Control visibility with collections

Collections is another, more granular way to control access to sensitive data.

While User Roles controls access to projects and organization settings, Collections controls access to content.

When you assign a piece of content to a collection, you can restrict visibility to that collection, either by a user group level (e.g. the sales team) or on an individual level. You can get as granular as you’d like.

For example, you may choose to have a “security” collection and restrict visibility to just the InfoSec team. Or maybe you want a “financials” collection, and want to restrict access to just the finance team and upper management. Here’s a blog with more detail on using collections to organize your content (or scroll to the bottom to watch the webinar).

6. Get really granular with permissions

If you want to get really in the weeds with visibility, you can set privacy settings at the individual object level (e.g. a Q&A pair). Rather than assigning it to a collection, you can set privacy settings to control who can view or edit a specific piece of content.
If there’s a Q&A pair you really only want upper management to have access to, you can do that.

You can also adjust view and edit permissions. For example, maybe there’s a question about a product feature that you really only want the product team to be able to edit, but still want to give your marketing team access to view.

7. Keep up with your audits

With RFPIO, all activities are tracked and logged at different levels (e.g. project level, content level).

Every so often, I’d recommend pulling the Activity Report, which monitors all user activity within the application—including permission changes, user creation, and user deactivation.

For example, you might notice that an individual user’s permissions have been changed to give them broader access to data that may not be relevant to their role. In response, you can reach out to the person who made the change for more information—and, if necessary, reverse their permission levels to a level more appropriate to their role.

You can also pull the User Login Activity Report. This log includes information about:

  • Who accessed the account,
  • When it was accessed,
  • Where it was accessed (e.g. IP address), and
  • How they logged in (e.g. SSO, username + password, etc.)

Using the User Login Activity Report, Admins can see if the user logged in at odd hours, like on the weekend or very late at night. This could be an indication of unauthorized access that could lead to a data breach.
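One way to triage an exported User Login Activity Report for the odd-hours logins described above, added here as an example and not RFPIO's own code. The CSV column names, the sample rows, the office UTC offset and the working hours are assumptions; the non-SSO and new-IP checks go slightly beyond the odd-hours review the text describes, using the "how" and "where" fields the report is said to contain.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample export. Column names and rows are assumptions for
# illustration, not RFPIO's actual report format. Timestamps are in UTC.
SAMPLE_REPORT = """user,timestamp,ip,method
vp.sales@example.com,2023-03-06T17:12:00+00:00,198.51.100.10,SSO
vp.sales@example.com,2023-03-07T22:40:00+00:00,198.51.100.10,SSO
vp.sales@example.com,2023-03-11T10:55:00+00:00,203.0.113.77,PASSWORD
writer@example.com,2023-03-08T18:05:00+00:00,198.51.100.22,SSO
writer@example.com,2023-03-10T07:30:00+00:00,198.51.100.22,SSO
"""

# Assumed office offset (fixed UTC-8, no DST handling) and working hours.
OFFICE_TZ = timezone(timedelta(hours=-8))
WORK_START, WORK_END = 7, 19      # local 07:00 through 18:59
EXPECTED_METHOD = "SSO"           # assumed: the organization enforces SSO


def triage_logins(report_text):
    """Return a list of (row, reasons) for logins that deserve a second look."""
    rows = sorted(
        csv.DictReader(io.StringIO(report_text)),
        key=lambda r: datetime.fromisoformat(r["timestamp"]),
    )
    seen_ips = {}                 # user -> IPs already observed for that user
    findings = []
    for row in rows:
        # Judge "odd hours" in the office's local time, not in UTC.
        local = datetime.fromisoformat(row["timestamp"]).astimezone(OFFICE_TZ)
        reasons = []
        if local.weekday() >= 5:
            reasons.append("weekend")
        elif not WORK_START <= local.hour < WORK_END:
            reasons.append("outside working hours")
        if row["method"].upper() != EXPECTED_METHOD:
            reasons.append("non-SSO login")
        known = seen_ips.setdefault(row["user"], set())
        if known and row["ip"] not in known:
            reasons.append("new IP for this user")
        known.add(row["ip"])
        if reasons:
            findings.append((row, reasons))
    return findings


if __name__ == "__main__":
    for row, reasons in triage_logins(SAMPLE_REPORT):
        print(row["user"], row["timestamp"], row["ip"], "->", ", ".join(reasons))
```

The last sample row is 07:30 on a Friday in UTC but 23:30 on Thursday in the assumed office time zone, which is why the conversion happens before the working-hours check.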

8. Set up “session timeout”

Avoid the risk of internal attacks by setting up session timeouts that automatically log you out of the application. This is most relevant for organizations working in an office setting.

Here’s the scenario: The VP of Sales leaves their desk for a meeting. Scooby-Doo walks over to the VP of Sales’ desk and downloads a bunch of sensitive financial information from RFPIO, and uses it to wreak havoc. Classic Scooby move.

To prevent this kind of situation from happening, you should set up “session timeout”. The default timeout is 20 minutes, but you can adjust according to your needs.

9. Bring Your Own Key (BYOK)

Set up an extra layer of security with BYOK. RFPIO already encrypts data with our own mechanism, but if you want that added boost… you should consider BYOK.

Basically, BYOK gives you the ability to provide your own encryption key to protect your data—on top of the encryption that RFPIO already uses. This is an added measure for fighting unauthorized access to data.

If you’re an RFPIO customer, learn more about BYOK in the Help Center.

10. Securely share information via Linked Companies

Share company information with partners (e.g. resellers) in such a way that they can only view and use it—but don’t have edit access. This essentially transforms your RFPIO Content Library into an internal knowledge base that your reseller partners can use to respond to RFPs or answer any other questions that may come up during the sales cycle.

You can set this up using Partner Companies. Learn more about how to set up and use Linked Companies in the Help Center (RFPIO customers only).

Where’s the answer? Ask Slack!

“Water, water, everywhere,
Nor any drop to drink.”
-The Rime of the Ancient Mariner, Samuel Taylor Coleridge

If I were writing the poem, The Rime of the 21st Century Proposal Manager, it might include the lines:

Data, data everywhere,
Not a clue to find
As silos rise, I lose my mind.
I chase my tail. I chase your tail.
My efforts always seem to fail.
Chaos abounds.
My head spins round.
Where, oh where, does my answer lie?
In the depths of our silos, it seems to hide.

I’m no poet, wouldn’t you know it?

But I am a Senior Proposal Manager at Illuminate Education, Inc., and I am charged with taming our data sprawl problems using RFPIO. I started by creating a data map. By assigning collections, tags, and subtags, I can migrate from data everywhere, including…

  • Google Drive
  • Confluence
  • Dropbox
  • HubSpot
  • Website
  • Client Library
  • Resource Center
  • Individual PCs

…to a consolidated Content Library in RFPIO. At that point, a new $64K question pops up: Can I make it accessible to everyone in the company? I could add as many RFPIO users as I wanted at no extra cost. But introducing another new software platform to the team is a challenge. Not because I doubt the value; but because some people resist change—even if it helps. It’s a lot easier to call me than to learn a new process!

Enter RFPIO® LookUp, which makes the RFPIO Content Library accessible from Google Chrome, Microsoft Teams, and, most importantly for Illuminate, Slack. The LookUp for Slack is the wrecking ball I need to break down all of the data silos used across my organization.

All teams use Slack. We talk, ask questions, and collaborate with Slack. Now we can extend this engagement to include RFPIO proposal projects. Log into Slack, ask a question, and BOOM! There’s the answer. Using @mentions or inserting a tag using #hashtags, users find their answers. They can even do it from their phone! All activity is captured by RFPIO for tracking usage and uncovering retraining opportunities.

Slack questions are easy to add to our knowledge base. We simply grab the conversation from Slack and create a new Q&A pair. Our workflow delivers the new content to moderation for edits and enhancements. Once moderation is done, the content is available in the library.

Slack evolves into an on-demand knowledge base. Through Slack Bot, we eliminate the “I need an answer and I need it now” dilemma. As a self-service tool, management teams, sales, SMEs, customer support, and all Illuminators can get answers or content quickly. Fast answers. Quick responses. Improved quality. What more can you want?

While RFPIO® LookUp for Slack is a huge help for all your users, your sales team will be doing happy dances! To just type in a question on their phone or laptop while sitting with a customer, and get a trusted answer—well, that is huge.

Sales is your biggest challenge. They’re busy, short on patience, rely on others, and hate change. Training this team is a challenge. LookUp for Slack simplifies integrating sales into the RFPIO proposal process and exposes them to a Content Library knowledge base.

If you’re looking for more information about how I am implementing RFPIO® LookUp at Illuminate Education, check out my RISE UP session! If you like detailed anecdotes, data maps, and user adoption hacks, you’ll probably get a kick out of it. Although, admittedly, I may be biased.


Building a portal to your company knowledge base from Slack is just the beginning of what RFPIO® LookUp can do. LookUp is also compatible with Google Chrome, Microsoft Word, PowerPoint, and more! Learn more here.

RFPIO saved Microsoft $4.2M this year while streamlining RFx processes

Microsoft is a company dedicated to empowering every person and every organization on the planet to achieve more. True to its mission, Microsoft is committed to helping customers modernize processes and achieve digital transformations at scale. This commitment applies internally, as well: Microsoft encourages all employees to use a growth mindset across all efforts and requires everyone to ask questions and continually improve their processes, tools, and workflows.

In 2019, proposal professionals at Microsoft saw an opportunity to improve the efficiency of proposal response management with AI-based tools and enhanced collaboration across teams. By augmenting Microsoft’s proposal response process with the right solution, it was clear they could save their sales teams valuable time that could be otherwise spent with customers — and propel their proposals to a new level of excellence.

Microsoft needed a scalable and flexible response management platform that supported multiple teams, languages, and content types, while smoothly integrating into its tech stack. And it needed the right solution partner to help. Through a partnership with RFPIO, Microsoft reimagined its proposal process — significantly improving efficiency and productivity with five key principles.

1. Unleash the power of knowledge

According to a McKinsey report, employees spend nearly 20% of their time looking for internal information or tracking down colleagues who can help with specific tasks.

Democratizing knowledge is essential to working effectively and Microsoft believes in giving its teams the tools they need to thrive. For sales teams, that means spending less time searching for answers, and more time listening to customers, creating solutions, and managing pipelines. With RFPIO’s integration with Azure Active Directory (AAD), thousands of users across the company have securely activated their accounts using their existing Microsoft corporate credentials.

The response from the Field has been overwhelmingly positive. Eric Fink, Dynamics & Business Applications Specialist, said, “The first time I logged into RFPIO, it took me about 10 minutes to get comfortable with the platform. After that, I quickly found responses to all of my open questions — seeing 100% value from the very beginning.”

According to Brice Baro, Account Tech Strategist Global, “This site (RFPIO) is very intuitive, and this library really accelerates our work on RFxs.”

As exposure to RFPIO increases, so does user adoption and overall value. For example, after the legal team learned about RFPIO they realized that it could help them stem repeated requests for the same one-off questions.

“Our collaboration is helping us scale legal support to a different level, achieving better deal velocity and helping legal professionals focus on more complex deal negotiations.”
-Nadia Guarino, Sr. Paralegal

In the first 18 months after implementing RFPIO in 2019, more than 7,000 Microsoft users accessed the platform to find 36,200 ready-to-go RFx responses from the managed RFPIO Content Library. With a conservative estimate of 20 minutes saved per response, Microsoft estimated $2.4M in savings during those 18 months.

By 2022—after 3 years of utilizing RFPIO—Microsoft had accumulated more than 13,000 RFPIO users who search a Content Library of more than 18,000 Q&A pairs spread out across 9 collections. In fiscal year 2022 alone, Microsoft estimates that its savings nearly doubled compared to savings during those first 18 months, from $2.4M up to $4.2M. They also saved more than 21,000 hours while using more than 63,000 answers.

FY2022 RFPIO Value

  • 13K+ users
  • 21K+ hours saved
  • 63K+ responses used
  • $4.2M estimated savings

“Based on the estimated time team members saved looking for content using RFPIO, we saved $4.2M in FY22 in the self-serve libraries alone.”
-Rhonda Nicholson, Sr. Business Program Manager

2. Stay secure and connected

Strong privacy and security are critical to Microsoft’s mission and essential to customer trust. The standard practices captured in its Supplier Security and Privacy Assurance (SSPA) reflect company values and extend to suppliers who handle Microsoft data on their behalf.

RFPIO’s proposal automation solution meets the privacy and security policies and integrates nicely into Microsoft’s existing tech stack. Microsoft’s RFPIO platform is hosted securely on Azure with AAD authentication and integrates with Microsoft Translator to support its multi-lingual customer base. In addition to the standard browser experience, RFPIO fosters adoption by meeting employees right where they are, including:

  • Microsoft Teams,
  • Microsoft Office, and
  • Microsoft Outlook

By giving everyone access through familiar platforms, RFPIO has improved collaboration and enables proposal managers, contributors, and Field users to search faster—and find the information they need to work effectively.

“RFPIO’s impact on our pursuits has been incredible: It’s simplified and streamlined finding relevant content and improving it; it’s centralized and minimized burdensome administrative tasks. In short, the time it saves pursuit teams enables those teams to focus more on what will win.”
-Mitchell Galloway-Edgar, Senior Business Program Manager

3. Simplify content curation

According to 2019 research from Richardson Sales Performance, the top two biggest challenges when pursuing new opportunities are demonstrating competitive differentiation and creating a case for change.

When sales and proposal teams have ready access to pre-approved content, they’re able to spend more time showing how their solution addresses their customers’ specific problems.

That’s where content governance steps in. At Microsoft, content governance goes beyond organizing and presenting online content. It’s a craft. Content managers shape compliant, compelling, and customer-focused information by proactively seeking out information from subject matter experts, harvesting answers from proposals, and storing content in a shared database for future users.

RFPIO simplifies this process. Advanced content organization, moderation, and review features mean content managers are able to keep content relevant, fresh, and working in harmony with RFPIO’s AI engine.

As a result, proposal professionals can use the AI engine to automatically respond to commonly seen questions. SIG security questionnaires (documents many corporations use to understand risk from potential bidders), which used to take several days to complete, can now be completed in less than an hour.

“Without access to the reusable content in RFPIO, it would have been nearly impossible to meet the customer’s RFP deadline.”
-Joe Straining, Strategic Client Technology Lead

With trusted content at their fingertips, Microsoft’s proposal professionals have time to focus on crafting compelling win messaging tailored to each customer’s needs. The more time they have to spend polishing each proposal, the stronger their proposals are, and the more likely they are to win.

4. Enhance communication and collaboration

Teams stay collaborative and aligned when all members are working in sync and communicating constantly to accomplish a common goal.

When communication is dispersed across email, chat, and in-person meetings, keeping track of moving parts is complicated and time-consuming, and it’s easy for teams to fall out of alignment.

Microsoft focused its attention on keeping everyone connected and communicating by rethinking their proposal processes. With RFPIO, all communication happens within the application in a single place, using in-app commenting and @-mentioning. Proposal contributors and proposal managers use in-app collaboration features for their projects. SMEs, proposal managers and content owners all communicate within each question-answer pairing, which helps keep content fresh and improves deadline commitments.

Communication around project status has also been simplified to a few clicks. Rather than reaching out to proposal managers for a status update, anyone can check RFPIO project status right from the dashboard in Microsoft Teams. By tracking status in real time, project teams are able to prevent roadblocks before they happen.

“RFPIO’s enterprise-level capabilities enable multiple business units, including partners, to collaborate on a single platform. It also reduces communication channels during the proposal development process.”
-Page Snider, Director of Business Program Management, Microsoft Consulting Services

5. Stay flexible and keep evolving

According to the Adobe State of Create Report, 78% of respondents agreed organizations that invest in creativity increase employee productivity. When each problem or inefficiency becomes an opportunity to think creatively about finding a solution, the lines defining limitations become blurred.

When the team at Microsoft set off to reimagine the proposal process, they knew it would be a continual journey, a persistent state of questioning the status quo—constantly making tweaks, adjustments, and changes as they go along.

That’s why a solution that was flexible enough to grow alongside their process was a necessity.

“The content management capabilities allow our team of content managers to effectively manage more than 18k pieces of collateral. The moderation and review workflows allow our team to work directly with SMEs and control the flow of information to our more than 13k users around the globe.”
-Amanda Heather, Business Program Manager, Content Lead

The customer success team at RFPIO has worked closely with Microsoft to continuously evolve to meet its changing needs. Diane Holt, business program manager at Microsoft, added, “RFPIO is a rare gem in that the company delivers a mature product with the agility of a startup. This tool continually improves with capability and usability.”

RFPIO and Microsoft continue to work together to find new ways to improve efficiency and advance productivity. Rather than staying ensconced in familiar workflows, Microsoft is a company that welcomes the hard work and creative thinking required to push the status quo.

In the end, both Microsoft and RFPIO believe that when teams are willing and encouraged to think outside the box, processes become more efficient, nimble, and agile… and that’s when results start snowballing.
