Review this information before contacting the RFP and/or security teams if a customer requests that Coupa complete a questionnaire, assessment, or security document.
1. Send the customer or prospect the following message:
As expected, Coupa must respond to multiple security questionnaires, control assessments, RFPs, and compliance mapping exercises. To standardize this process and to provide the most accurate information across all business units, Cloud Security Alliance (CSA) STAR Self-Assessment has been selected as Coupa’s preferred method of conveying our current security practices. Additionally, Coupa will provide the most current SOC Reports and Gap Letters to support the answers provided in the self-assessment. Coupa continues to undergo third-party audits to support the information within the CSA Self-Assessment. Coupa regularly updates these answers and control responses based on any changes to Coupa’s environment.
After you have completed an NDA with Coupa or have a signed MSA, these documents can be provided to you. Additionally, after you review the documents, GRC can provide additional clarification and answer any questions. You can request Coupa compliance reports from the Compliance Reports Requests portal.
2. If the customer or prospect has an MSA or an NDA the CAIQ (Consensus Assessments Initiative Questionnaire) can be sent to them.
Additional questionnaires and surveys are also attached at the bottom of this page.
3. If the customer or prospects is requesting copies of Coupa compliance reports.
Send the Compliance Reports Requests portal link to the customer or prospect.
The requested documents are automatically emailed to the customer after they complete the request form. The customer must use their company email address in order for Coupa to confirm their status as a customer. Ensure that the customer checks their spam filter.
Prospects use the same link, however, a message is sent to the Coupa salesperson/contact lead identified in SalesForce. The prospect then receives an email message informing them that a Coupa representative will be in touch regarding their request. Coupa employees/sales must confirm prospects have an NDA on file before they send the reports from The Vault.
It is the salesperson or opportunity lead's responsibility to pull the requested information and send to their customer/prospect.
4. If the customer or prospect did not receive the requested reports after completing the web form.
The salesperson or opportunity lead can send the requested reports following the same process outlined for prospects. Simply use the documents available on the Compliance Reports Page.
Also, please send an email to Compliance@coupa.com with the customer name and company, so that we can investigate why the report was not sent via Marketo.
5. If the customer still wants Coupa to complete the questionnaire, survey, or assessment.
If the customer/prospect still needs a security questionnaire completed, please use the RFP process. The RFP team will coordinate with the Security and Compliance team to complete the request.