Frequently asked Questions: Trust Centers

  • Updated

How do I choose between using a private vs. a public Trust Center?

  • You should use both! If you know who you want to send security information to, you can share it directly from the Trust Center's homepage.
  • If you want to create a public security page that anyone can access, you can enable a public view. With a public view, anyone with the link could access the information. You have the option to control who has access to your documents. This gives you the most flexibility, so you only get requests from genuinely interested people.

How long does it take to set up?

  • Depending on how many FAQs you want to input and how much documentation you wish to upload from outside of Vanta, getting set up with Trust Centers can take as little as 10 minutes to complete.

We don’t have our SOC 2 yet; what sort of documents should I include?

  • Trust Centers are excellent for customers who don’t yet have their SOC 2 but want to be able to showcase the steps they are taking to be compliant. Trust Centers will automatically include all tests and controls you have set up for continuous monitoring. 
  • The security questions prospects and customers often ask for
  • Upload any previous security questionnaires
  • Links to your privacy policy
  • The data your company does and does not collect

Can I pick what controls are being continuously monitored?

  • Not at this time. 

Do I use your NDA, or can I use my own?

  • Vanta allows you to use your NDA to gather signatures for all sensitive and confidential documentation uploaded to your Trust Center.

Can anyone fill out an NDA to access my SOC 2?

  • Anyone can request access and fill out an NDA, but only a Vanta admin/editor can provide access to the secured documentation. 

Can I use Trust Center to fill out a security questionnaire?

  • Much of the information within your Trust Center should help inform and speed up the process of completing a security questionnaire. Many Vanta customers have found that by proactively sending their Trust Center either before receiving a security questionnaire or immediately following, they have avoided the request altogether before closing the deal.  
  • If you need help filling out security questionnaires, consider investing in a questionnaire automation solution. 

If I reactivate Trust Center later, will my old content reappear? 

  • Yes, all the information you had previously included in your Trust Center will repopulate. This includes the logo, company information, documents, links, and FAQs. Your monitoring indicates when your system was last updated.

Can I provide an employee with access solely for managing external requests related to Trust Center documents?

  • Yes, an internal role known as Sales Admin is available, which administrators and editors can utilize. This role empowers individuals to oversee external access requests concerning Trust Center documents and analyze the activities’ stats.