Questions about Trust Reports? Please take a look at some of our most commonly asked questions below!

How do I choose between using a private vs. a public Trust Report?

• You should use both! If you know who you want to send security information to, you can share it directly from the Trust Reports homepage.
• If you want to create a public security page that anyone can access, you can enable a public view. With a public view, anyone with the link could access the information. You have the option to control who has access to your documents. This gives you the most flexibility, so you only get requests from genuinely interested people.

How long does it take to set up?

• Depending on how many FAQs you want to input and how much documentation you wish to upload from outside of Vanta, getting set up with Trust Reports can take as little as 10 minutes to complete.

We don’t have our SOC 2 yet; what sort of documents should I include?

• Trust Reports are excellent for customers who don’t yet have their SOC 2 but want to be able to showcase the steps they are taking to be compliant. Trust Reports will automatically include all tests and controls you have set up for continuous monitoring. 
• The security questions prospects and customers often ask for
• Upload any previous security questionnaires
• Links to your privacy policy
• The data your company does and does not collect

Can I pick what controls are being continuously monitored?

• Not at this time. 

Do I use your NDA, or can I use my own?

• Vanta allows you to use your NDA to gather signatures for all sensitive and confidential documentation uploaded to your Trust Report.

Can anyone fill out an NDA to access my SOC 2?

• Anyone can request access and fill out an NDA, but only a Vanta admin/editor can provide access to the secured documentation. 

Can I use Trust Reports to fill out a security questionnaire?

• Much of the information within your Trust Report should help inform and speed up the process of completing a security questionnaire. Many Vanta customers have found that by proactively sending their Trust Report either before receiving a security questionnaire or immediately following, they have avoided the request altogether before closing the deal.  
• If you need help filling out security questionnaires, consider investing in a questionnaire automation solution. 

If I reactivate Trust Reports later, will my old content reappear? 

• Yes, all the information you had previously included in your Trust Report will repopulate. This includes the logo, company information, documents, links, and FAQs. Your monitoring indicates when your system was last updated.

Can I provide an employee with access solely for managing external requests related to Trust Report documents?