Public Trust Center Docs in VRM

The Public Trust Center Docs feature is available in the VRM Pro plan, designed to simplify the vendor security review process. With this feature, you can now directly import public Trust Center documents into Vendor Risk Management (VRM), reducing the steps required to gather vendor evidence and speeding up the review process.

 

Key Benefits & Competitive Advantage

  • Extensive Trust Center Network. Vanta offers the largest network of Trust Centers, giving VRM users seamless, integrated access to Trust Center documents.
  • Faster Evidence Gathering. This feature streamlines the evidence-gathering process, allowing users to complete security reviews more efficiently and with less manual effort.
  • Scalable Network Effects. As Vanta continues to grow, the expanding network of Trust Centers will provide increasing value, offering more resources to VRM users.

How This Impacts You:

By cutting down the time spent gathering evidence, this feature helps you speed up security reviews and focus more on managing risks and making informed decisions.

 

How It Works

Follow these steps to import public Trust Center documents directly into VRM:

  1. Start your security review on a vendor with a Trust Center.
    If the vendor has a public Trust Center, a banner will appear, promoting this new feature. You can dismiss this banner, but the “Add from Trust Center” option will remain available in the dropdown menu.
    Add from Trust Center option

  2. Click the dropdown to see the “Add from Trust Center” option. After clicking this option, you'll be able to choose which public documents to import directly into your security review.
    Select Trust Center Docs

  3. Select the document you wish to import, and it will be automatically added to your security review. This eliminates the need for you to manually download and upload documents.

 

FAQ

What about private Trust Center docs?

  • Private Trust Center docs are coming next! We hope to deliver a similar feature for private TC docs by the end of Q4. Users will be able to request private documents directly.

Will all available docs automatically be pulled in?

  • No, users will have the choice of which available public documents to import from the Trust Center. This prevents unnecessary clutter in your VRM.

What happens if a vendor changes a document or uploads a new version?

  • Once a user has imported a document into their security review, that document will remain static. The list of available Trust Center docs will always reflect the latest versions on the Trust Center, ensuring your reviews are up-to-date.

What about other data on Trust Centers like subprocessor lists, controls, and FAQs?

  • We are prioritizing the addition of more Trust Center data and will continue to improve the integration in H1 of next year.

What about private Trust Center pages?

  • 95% of all Trust Centers are public, so we are focusing our efforts on those first. Private Trust Centers will be considered in the future.

Updated