Trust portals, trust centers, trust pages - all different ways to describe the same thing. A trust center is a centralized place (typically a hosted webpage) for potential customers to find information about a vendor's security posture.
Most trust centers feature high-level information about a vendor’s security compliance and policies, such as whether they have a SOC 2, whether they conduct penetration tests, and how they approach securing their software or business. They also enable vendors to share downloadable documents and content with their customers for their due diligence security reviews.
Trust centers serve two purposes:
- Showcasing a company's security posture transparently to build trust faster
- Providing an automated (less manual) way of sharing sensitive documents and security information
The rise in trust transparency and use of trust centers
The rise of cybersecurity breaches and concern over data privacy and AI has pushed prospects to conduct security due diligence on almost every vendor they are evaluating to buy software from. That’s why on any SaaS company website today, you’ll likely find a dedicated security page with a call to action to “contact us to get the security documents you need for your review”.
While that may suffice for some companies, the truth is that with the growing number of due diligence requests that include both sharing of documents like the SOC 2 and completing a security questionnaire, many information security and sales teams are bogged down with the manual effort it takes to complete these requests.
This has led more and more companies to replace the manual process with an automated trust portal that takes over the worst, most manual parts of the customer security review.
What are the different types of trust center software out there today?
- Automated trust portal software. This is software specifically designed to share secure information (like a SOC 2 or other security documents and FAQs) behind a clickable NDA.
- Compliance/GRC software that has a trust center or trust page included as part of its offering. This is exactly as it sounds. Many compliance automation platforms that are used for completing SOC 2 audits, monitoring controls, and other compliance-related activities have added trust centers as part of their platform.
Features to look for based on needs
What type of automated trust center you need will depend on the size of your teams, volume of document requests, complexity of process and how much of the process you want to fully take off your plate.
Most dedicated trust portal software providers have automation features that support teams of all sizes - including massive enterprise teams spanning dozens of departments.
The trust centers that are an ‘add-on’ to a larger GRC/compliance automation platform typically have the “table stakes” feature functionality but lack more enterprise-grade features.
Table stakes features:
If you’re under 50 employees and only have a few requests per month, you can get by with table stakes features.
Every trust center platform you're evaluating should at least do these things:
✅ One URL link to share
✅ Custom branded domain - usually trust.company.com or security.companyname.com
✅ One-click NDA to gate access to sensitive information
✅ Auto-watermarking of documents when downloaded
✅ Your customers DON’T have to create an account to access gated info
✅ Supports sharing documents + searching through questions/answers & FAQs
✅ A professional-looking UI that showcases all aspects of your security posture
Additional high value automation features:
If you’re scaling and receiving hundreds to thousands of requests a year, there’s a set of scale features and capabilities that become critical:
💥 Option to let customers self-serve their own questionnaires using AI-generated answers from portal content
💥 Setting specific access groups on documents and knowledge base questions
💥 Integration with Salesforce and Slack to easily approve requests to access gated documents; sales teams can also get status updates, search for one-off questions to support customers, etc.
💥 A knowledge base with controls to make certain info public vs. internal use only
💥 Shareable link to a specific document (not just the portal)
💥 Ability to tag documents to different product lines
💥 Analytics dashboards - see trends, customer activity, what topics & documents are most popular
💥 Custom white-labeling - really make it your own with operational/support emails coming from your domain, custom fonts, etc.
Customer security review metrics to consider in your evaluation
You can’t improve what you’re not measuring, so what should you measure to determine the ROI and effectiveness of your trust center software?
- Total turnaround time. The time it takes from the moment documents are requested to when they get to the customer. Have a baseline so you can compare the before and after.
- How long the NDA takes to execute before sensitive documents can be sent. As part of the turnaround time above, the back and forth of this step typically takes the longest.
- Percentage of deals that require NDA redlines. Most trust centers can solve this pain pretty easily with a one-click NDA specifically scoped to just the documents. The higher this percentage, the more efficiency gains to be had.
- Days in the sales cycle. Another way of measuring turnaround time and efficiency. Trust centers can help shave days off of the sales cycle.
- Number of security questionnaires you receive/year. This will fluctuate, but at the very least, it’s a baseline to help calculate the percentage of deals that typically need a security review to close and help estimate if you are reducing the number of questionnaires prospects are sending.
- Number of internal requests to answer one-off questions. Some trust portals can host questions and answers for prospects to review (or even provide instant AI-generated answers to entire questionnaires like ours) so you can reduce the volume and time spent on answering questions for customers.
What's next?
With the increasing prevalence of data breaches and cybersecurity worries, trust centers have become a key component of facilitating thorough customer due diligence reviews for fast-growing teams.
Acting as a central hub, these centers offer potential customers valuable insights into a vendor's security posture and compliance measures. These platforms provide vital information on security policies, compliance, and easily accessible downloadable documents, meeting the growing demand for transparency.
The evolution of trust centers has given rise to a range of software options, from standalone automated solutions to integrated choices within broader compliance platforms. How to choose the right software for your team will depend on multiple factors such as team size and request volume and what types of metrics you’re trying to improve. With all the options out there, the choice is yours!
----
Try Conveyor for free and spin up a trust center in less than a day. You’ll find all the typical bells & whistles + enterprise-ready features and we’re the only GPT-powered trust portal that lets your customers upload entire questionnaires for AI-generated answers based on your portal content.