Security First Initiative Gaining Momentum

-Cloud Security Alliance, Drata, RiskRecon, RFPIO, and Tevora lend support to Whistic-led security initiative-

SALT LAKE CITY--()--Following a successful launch of the Security First Initiative in March, Whistic is pleased to announce the addition of more companies adding weight to the movement to proactively share their security documentation using a Whistic Profile. Companies endorsing the Security First initiative now include Cloud Security Alliance, Drata, RiskRecon, RFPIO, Tevora and more.

Whistic and other leading technology companies formed the Security First Initiative in response to the growing number of third-party security incidents impacting businesses of all sizes with the goal of proactively sharing security documentation including standard questionnaires, certifications, and audits. Founding members of the security first initiative include Okta, Airbnb, Zendesk, Asana, Atlassian, Notion, G2, TripActions, and Whistic.

“The desire for proactive vendor security is reaching a tipping point,” said Nick Sorensen, CEO at Whistic. “The threat of third-party security incidents isn’t going away any time soon, and a company's security is only as strong as its weakest vendor. That’s why the collaborative approach to vendor security that’s baked into the Security First Initiative has resonated with so many companies and has helped this movement grow so quickly.”

To help companies meet this new Security First expectation, Whistic is offering vendors access to a free version of Whistic Profile, which includes the ability to proactively share their security information with their customers, streamlining and accelerating partner relationships and sales by eliminating the need to repeatedly complete security policy questionnaires.

Visit to join the Security First Initiative and start building your Whistic Profile today.

Supporting Quotes


“At Drata, we are staunchly focused on easing the path to continuous compliance and guiding our customers with transparency. Joining the Security First Initiative furthers our ongoing commitment to building trust on the internet, starting with our own security posture.”

— Adam Markowitz, Cofounder and CEO of Drata

Cloud Security Alliance

“It’s no secret that the Cloud Security Alliance has always supported proactive vendor security. Through our STAR Registry, companies have been able to display security information to prospects and customers. Efforts like the Security First Initiative elevate proactive vendor security to another level, making it available to any business regardless of size or program maturity.”

— Jim Reavis, CEO, Cloud Security Alliance


“RiskRecon's longtime partnership with Whistic helps participants of Whistic's Vendor Security Network accurately determine the risks associated with engaging with a particular vendor. RiskRecon applauds the guiding principles of Whistic’s Security First Initiative, and believes transparency helps drive the speed of business without compromising attention towards security.”

— Kelly White, Founder, RiskRecon, a Mastercard Company


“As an organization that has helped small businesses, Fortune 500s, and state entities build and manage their third-party risk programs, Tevora can confidently say one of the biggest hurdles to developing an effective and secure third-party ecosystem is the lack of visibility into vendor’s security programs. We view the Security First Initiative as a much-needed investment that will allow organizations to fully realize the value proposition of vendors, without burdensome information chasing”

— Jeremiah Sahlberg, Managing Director Third-Party Risk Management, Tevora


Through our partnership with Whistic, we make it easy for companies to complete Whistic Profile questionnaires. Whistic’s Security First Initiative is excellent and our decision to join the initiative further strengthens our partnership.

— Ganesh Shankar, Chief Executive Officer, RFPIO

About Whistic

Located in the heart of the Silicon Slopes in Utah, Whistic is the network for assessing, publishing, and sharing vendor security information. The Whistic Vendor Security Network accelerates the vendor assessment process by enabling businesses to access and evaluate a vendor’s Whistic Profile and create trusted connections that last well beyond the initial assessment. Make security your competitive advantage and join businesses like Airbnb, Okta, Betterment, and Atlassian who are leveraging Whistic to modernize their vendor security programs. For more information, visit


Cheryl Conner or Paul Murphy
SnappConner PR


Cheryl Conner or Paul Murphy
SnappConner PR