How It's Made
Instacart’s Trust Program: How We Build Trust with Our Retailer Partners
Authors: Blake Hoge, Sr Governance, Risk, and Compliance Engineer, and James Cha, Sr Security Engineer
Building trust with our retailer partners is one of Instacart’s highest priorities. Instacart CEO Fidji Simo sets the tone at the top at every company-wide meeting, emphasizing to our teams just how critical retailer trust is to our mission. This top-down focus on trust empowers our Governance, Risk, and Compliance (GRC) and Information Security teams to build sustainable and scalable processes that provide our retailers with the information and assurance they need.
Retailer Trust Management – the Next Security Frontier
The data that flows through an organization like Instacart requires robust security, privacy, and compliance programs. Transparently showcasing the strength and maturity of these programs to stakeholders takes a village. Many of our retailer partners are large enterprises, and their security reviews of new vendors/partners are – rightly – vigorous. Retailer security teams want to understand what data Instacart is holding for them to assess our security maturity level and decide whether Instacart can handle their data safely. The ability to quickly build this level of trust between our organizations is what sets us apart. How we communicate our security posture presents an opportunity to be a secure and trustworthy revenue enabler rather than an impediment.
Instacart works with 1,000+ retail banners of all shapes and sizes. Each retailer is unique, and we work to support them in ways that make sense for their businesses. Critical to our ability to work with our partners is the infrastructure to handle all of the review requests coming in fast and often at the last minute. Choosing the right tools that enable our teams to operate successfully can make or break our ability to establish new relationships. Inefficiencies within internal processes presented an opportunity to consolidate how we address retailer requests for information and disseminate that information. We quickly realized that unifying our teams behind the goal of building trust through transparency would allow us to manage retailer trust at scale and to a higher degree of accuracy than previously thought possible.
Building a Robust and Scalable Retailer Trust Program
After identifying this inefficiency in our processes and recognizing the opportunity to expedite retailer onboarding, save time for our internal teams, and increase retailer trust, Instacart’s GRC program partnered with SafeBase in Q4 2021 to develop Instacart’s Smart Trust Center. The image below is what it looks like today.
We selected SafeBase because it provides a flexible platform for retailer trust management centered around a public-facing, custom Security Portal that allows self-service access for prospective and existing retailer partners. They have worked with us to prioritize several features that improve both our internal experience and the retailer partner experience, including:
- Salesforce Integration: We can instantly and automatically approve access requests from retailers linked in Salesforce and report on their activity directly in Salesforce.
- Slack Bot Workflows: Requests from retailers that don’t already exist in Salesforce are routed to Slack for approval, allowing instant collaboration on the requests we receive from retailers.
- Automated NDA Signing: Retailers can sign Instacart legal and retailer-approved NDAs directly in SafeBase and can access our information instantly after signing.
- Dedicated Product Pages: We provide product-specific views (Marketplace, Storefront Pro) of our posture so retailers can access the relevant information to meet their specific needs.
- Knowledge Base: We have a centralized location where all previous responses are organized and inventoried to access when responding to retailer questionnaires quickly. We will soon have the ability for retailers to access our Knowledge Base directly to self-serve answers.
- Business Intelligence: We can quickly view built-in dashboards to understand what our retailers care about and support them.
- Questionnaire Support: SafeBase helps Instacart by compiling responses to questionnaires received from our retailers by leveraging our Knowledge Base and security documentation.
- Subscribe: Our retailers will receive real-time, critical updates from us by subscribing to our Trust Center. We are working cross-functionally with GRC, Legal, Privacy, and Information Security to centralize all of our critical vendor notifications within SafeBase.
The diagram below illustrates how the new process operates, starting with the retailer requesting access to Instacart’s Trust Portal and self-service to our security documentation.
Retailer Trust Program Progress
Within months of launching our Smart Trust Center, Instacart has achieved significant time and cost savings that would have otherwise been impossible with our legacy processes. Instacart further partnered with SafeBase to produce a case study that affirmed our expectations – during the ramp-up period and in less than six months, Instacart saved over 500 hours, which does not include the efficiencies and time savings our retailers benefitted from.
These results were achieved by reducing the time spent:
- Answering questionnaires by providing retailers the information they need within industry standard questionnaires, reducing the need for one-off responses to similar questions
- Signing NDAs
- Processing and approving requests to the Trust Portal
- Securely sharing sensitive documentation, such as the SOC 2 report
- Collecting and processing metrics to measure success
- Tracking and managing the process to share critical updates
Since January 2022, we have had 4,000+ Trust Portal visits, shared 200+ documents securely (SOC2, PCI, Pen test, etc.), and processed over 90% of those documentation requests in less than 24 hours. We have also reduced the number of security questionnaires from our retailers by 75%.
On an annual basis, and considering Instacart’s rapidly expanding retailer base, Instacart will save thousands of hours through the new tools and processes implemented, as well as share these benefits with our retailers!
The Future of Retailer Trust Management at Instacart
As a rapidly growing company powering the future of grocery transactions, Instacart relies on continuous investment and innovation in security to build and maintain trust with current and prospective retailers. Our ability to develop trusted relationships at scale is essential to the success of our business. Our Smart Trust Center is a key part of our security efforts.
Building retailer trust is more than simply exchanging documents, and it is evident that transparent and efficient communication of our security posture enables measurable success for Instacart and our retailers.
To our enterprise retailers: please visit Instacart’s Trust Portal and subscribe to receive updates!
Special thanks to Tim Nagle and Spencer Sheehan for their contributions!
Most Recent in How It's Made
How It's Made
Unveiling the Core of Instacart’s Griffin 2.0: A Deep Dive into the Machine Learning Training Platform
Authors: Han Li, Sahil Khanna, Jocelyn De La Rosa, Moping Dou, Sharad Gupta, Chenyang Yu and Rajpal Paryani Background About a year ago, we introduced the first version of Griffin, Instacart’s first ML Platform, detailing its development and support for end-to-end ML in…...Nov 22, 2023
How It's Made
Introducing Griffin 2.0: Instacart’s Next-Gen ML Platform
Authors: Rajpal Paryani, Han Li, Sahil Khanna, Walter Tuholski Background Griffin is Instacart’s Machine Learning (ML) platform, designed to enhance and standardize the process of developing and deploying ML applications. It significantly accelerated ML adoption at Instacart by tripling…...Nov 22, 2023
How It's Made
The Economics Team at Instacart
Tilman Drerup, Levi Boxell, and Robert Fletcher Tech firms are increasingly choosing to hire graduates from PhD programs in economics [1, 2, 3]. In this blog post, we present the economics team at Instacart and our take…...Nov 22, 2023