Earlier this month, I spoke with Stephen Boyle, chief trust officer at enterprise management software firm Workday, about his role and the importance of building trust with customers. The below interview has been edited for clarity and brevity.
Fortune: What is a chief trust officer?
The chief trust officer is the person responsible for being the customer-facing representative for the security and privacy program at the company. So if you think about prospective customers who are assessing Workday from a risk perspective, they're going to have a lot of questions about the security and privacy practices of how we’re protecting their data. It's my job to make sure that we're open, transparent, and giving them the answers that they need so that they can have a good experience while they're running due diligence. So a key part of that is making sure customers understand the security program and the investments that we're making in people, processes, and technology to protect their data.
It sounds like a mixture between a technical role and a communications role, where you need a lot of technical knowledge but also the ability to translate that into language less technical-minded customers can understand.
That's right, exactly. You'll be dealing with executives on the customer side, ranging from technical experts to CIOs and CHROs, so there's a team on the customer side who are assessing not only for security elements but also features and functionality. So it's really important to be able to translate complex security and technology concepts into a format that people can understand and digest.
How does that help you build trust with the customer?
For us, it’s really about being open and transparent in how we interact with our customers. So we deliver what we call a trust presentation, that gives a large overview of the discussion program focusing on a number of different areas: for example, how we create, foster, and maintain our culture of security and privacy awareness. We will also talk about the [third-party] certifications that we have, like the ISO certifications and service organization controls reports, so there's kind of a soft audit report. We make those reports available on a continuous basis to our customers. And I think the commitments that we make to security help build trust as well. In the software portal, we're saying we're not going to diminish those controls over the period of the contract with our customers, and that gives customers a high level of assurance about the controlled environment that we're offering.
Did you find the pandemic affected your ability to build trust with customers when meetings needed to be conducted remotely?
I think it's always good to have face-to-face meetings and that it’s a good way of really understanding people on a human level. So, from that perspective it was probably a little bit of a battle, but it wasn't something that constrained us. One of the great things about Workday is that, because we're a SaaS [software as a service] vendor, we were already set up to help our customers navigate the pandemic remotely and build rapport and trust in a virtual environment.
How does your role sit within Workday’s organization?
In Workday, we work very closely with our sales and pre-sales colleagues, and our legal team as well. You can imagine, during a deal, pre-sales and sales are the interface with the customer and are driving that process. We come in at a point in the sales cycle when customers are really looking to understand more depth. We also work with legal, helping develop contractual language. But overall, we're part of the security function, so the chief trust officer role reports to our chief security officer.
Why is building trust important to Workday?
It really helps us meet our customers' needs. When we develop our systems, we're developing with principles of privacy by design in mind, you know, which is about building trust with our customers. We really listen to our customers and configure our systems or build the features that they need to run their business. And that really is important to us: that we continue to meet their business needs.
If you think from the customer's perspective, they're taking critical data about their people and then placing it into the Workday environment. They have to really understand a lot about our security program and the protections that we're putting in place throughout the duration of the contract with them to trust us.
Eamon Barrett
eamon.barrett@fortune.com
