Top Tips for Closing Out a Security Compliance Project

Congratulations, you just wrapped up a project! This is big for everyone. You’re getting your final payments, your client is getting an actionable report to go improve their business, and your champion is proving to their bosses that they made the right choice by hiring you.

Hopefully you’ve executed your project well and built some trust with your client. But a closeout isn’t just the end of a contract. It’s your best chance to secure the next one.

Preparing for the Closeout Meeting

Every project should have a closeout meeting to verify the contract has been fulfilled and to discuss next steps. Before going into this meeting, there are a few things you need to do.

1. Review the goals of the project. Ensuring you fulfilled the contract is table stakes. In addition, ask yourself if you hit the client’s objective (pure compliance, increased security posture, gaining management’s attention on key issues, etc.). No two projects are the same, so make sure you understand why your client hired you.
2. Understand if this is annuity work. This should be pretty straightforward for compliance-focused penetration tests, annual audits, and the like. But be on the lookout for any potential changes to scope or strategy. For less rigid advisory work, spend some time thinking about what would provide the greatest value going forward.
3. Understand your client’s budgeting cycle. Budgeting processes vary greatly between companies. You need to work around how your client handles it. Sometimes you’ll be able to move directly into a renewal conversation and get a signed contract quickly. In other cases your client may want a proposal that they will need to sit on until they can submit it for annual planning.
4. Gather any feedback from your key stakeholders. The last thing you want is to be caught flat footed in your closeout meeting. Solicit project feedback from the people you worked with ahead of time. That way you can come into the closeout meeting with an informed opinion on how the project may need to change next year.

Organizing the Closeout Meeting

There are only a couple of things to do here. First, make sure you have the right audience. Busy executives are prone to skipping meetings, particularly if they weren’t involved in the project. Make sure you have support from your main point of contact, the executive sponsors, and anyone else that may impact this project or future projects. Help ensure attendance by offering a clear value prop for attending. Namely, that this meeting is the best place to share feedback and ensure success in the future.

Secondly, send an agenda. As with the kickoff meeting agenda, this will force you to reflect on the project and give your client confidence that you take this seriously. Word docs, PowerPoints, and email agendas can all be successful. Lean into your style and what works best for your client. Your agenda should include:

• Congratulations to your client.
• A review of the project objectives.
• Confirmation that findings have been received.
• A high-level review of action plans.
• Collection of feedback, both positive and negative.
• Solicitation of any referrals or marketing collateral, if applicable.
• Discussion of next steps (ideally getting a call on the calendar to talk renewal).

Hosting the Closeout Meeting

I like to start my closeout meetings by congratulating the client. This starts the meeting on a positive note and makes it clear you’re not just here for yourself. Everybody likes to hear “good job,” and what better time to do that than in front of your main contact’s boss.

Often, the individuals working on your project are doing it in addition to a slew of other responsibilities. Their efforts to upload evidence, attend walkthroughs, and facilitate internal communications should be highlighted.

Next, move into a review of the project. State the project objectives and how you hit them. Confirm that the client has received their findings and they know what to do with them. If necessary, spend some time discussing next steps for resolving the findings. Barring any independence considerations, this discussion could potentially lead to a contract expansion for remediation support.

Spend some time gathering feedback on the project. Hopefully nothing comes as a surprise to you based on the homework you did earlier. Be prepared to address any missteps head-on and discuss how you’ll avoid them in the future. Discuss how you can modify your approach going forward to continue providing value.

If you included any marketing collateral such as quotes, testimonials, or case studies in your contract, make sure you have a plan to get those done. It could be a simple follow-up email, or you may need to schedule some follow-up meetings. This is also a good time to mention that you would appreciate any referrals to other businesses.

Finally, talk about next year. Assuming the client is looking to do this same project again, ask about their plan. If you are not on a multi-year contract, you’ll need to talk renewal. Generally, it’s best practice to get a separate meeting set up to discuss this. That way you can make sure you have the right audience and not feel rushed in the closeout. Try to get this call scheduled before you leave the closeout.

Hosting the Renewal Meeting

Once you’ve closed out your project, you will want to move quickly into renewal discussions. Left up to the client, they very well may wait until the last minute to get a new contract in place. Predictability for your schedule and income are important, so push your client to move faster.

Be clear on why it’s important to you, and communicate that a rushed contract is a less favorable contract. At a minimum, you want to understand their willingness and timeline for renewing with you.

Assuming you get a call set up, audience and agenda are once again critical. Include your main point of contact and the executive sponsor. Send over an agenda so they know what to expect.

Once you’re in the call, cover these topics:

• The scope & timing for next year. Understand if any new products or locations may be coming into scope. Explore any new compliance obligations they are looking into or actively adding on. These are excellent opportunities to increase your contract value. Be sure to clarify if anything will be shifting with the project timeline.
• The contracting timeline. Lots of things can affect the timeline. Budgeting cycles, competitive bids, and an unclear scope could all cause this to take longer. The important thing here is to know when things are happening so that you can work with your client instead of being left in limbo.
• Any policies around auditor rotation. A three-year auditor rotation policy is not uncommon. If you are facing headwinds due to auditor rotation, you have a couple of options. For one, you can propose a different approach. Give your client assurance that you aren’t just looking at the same things every year. Secondly, offer to shift your services to something else. You should have a good idea of their environment. Use this to your advantage as your client considers other frameworks, new products, or any other changes to their program.

Always leave the call with clear next steps. An ideal renewal meeting results in a straightforward ask for a new statement of work. But if your client has valid reasons for delaying the process, work with them. Sometimes there’s not much you can do outside of giving it a few months and then reaching back out. Ultimately, just position yourself and your client as being on the same team and stay on top of any action items on your plate.

Conclusion

Your project closeout is the culmination of weeks, if not months, of hard work by you and your client. Celebrate that fact. Do everything you can to make sure your client leaves happy and knows what comes next. Leverage the goodwill you have built to transition into a renewal conversation. Because ultimately your client’s success is also your success.

Want to see our closeout templates? Drop a note here and we’ll send them over. Plus, we can jump on a call to tailor the templates to your specific project.