Skip to content

5 Tips for Making a Great Trust Center

Vendors face some key challenges when it comes to improving the speed, volume, and quality of their security assessment requests. While these challenges aren’t going away, vendors and third parties can more effectively utilize a trust center to reduce the headaches and friction in the process. In this article, we’re going to take a look at these challenges and discuss five ways you can improve your trust center to tackle them. 

Challenge 1: More vendor risk management (VRM) and Governance, Risk, Compliance (GRC) software

In our recent Third-party Risk Management Impact Report, 88% of companies mentioned using a software solution to assist in their third-party risk management program. These kinds of solutions can be a big help to buyers out there, but the expansion of TPRM and GRC tools also have a big impact on vendors.

Sometimes, that means greater complexity in the process. If you are responding to security assessment requests from a customer, you may be logging into many different systems—and managing log-ins, access, and permissions. And if you ever have any changes to a policy or a new regulatory requirement, you may have to make those updates across several different systems. 

You may also not have full control over that access. For example, a sales rep may be able to share security information in a system that your InfoSec team doesn’t even know about. This increases the risk that sensitive or inaccurate information gets transmitted, which can lead to more back and forth and slow down the sales cycle. 

Challenge 2: Customized security questionnaires

Seventy-four percent of companies use some kind of standardization or custom questionnaire as part of their vendor assessment process. Standard questionnaires make it more difficult to utilize the existing security documentation you have because it may be in a different form than your client needs. That gives you two options: manually respond to a time-consuming questionnaire or pass that manual work along to your customer or prospect. Neither option is ideal.

The questionnaire isn’t going away, and there’s actually a good reason for that. Many of your customers have small TPRM teams and specific compliance requirements of their own. A questionnaire reflects all their risk-management needs and can be a convenient way to capture and organize security data—making it more manageable for resource-strapped teams.

Key elements of an effective trust center

Since questionnaires are here to stay, the most effective way to improve your response process is to make it easier for your customers to get the answers they need—and make it easier (and safer) for you to give them those answers. 

An effective trust center can help you accomplish both those goals. Our research shows that 74.5% of companies that proactively sharing a well-crafted trust center can jumpstart the assessment process and eliminate at least half of incoming questionnaires. That means:

  • No more last-minute late-nighters filling out a questionnaire to get a deal closed
  • Accelerated sales cycles and more opportunities for revenue
  • Time back to InfoSec to focus on protecting the business

The opportunity is huge, so let’s dive into five ways you can maximize your trust center to improve the VRM process. 

Tip 1: Upload all your documentation to your trust center

Sounds simple, but the bedrock of an effective trust center is the easy accessibility of information. When all your documentation is in a single place, it’s easier for you to manage. And your customers will be able to access all the documents they need and port them into their own systems. That means you won’t be responsible for managing as many log-ins or platforms. 

Some of the most common documentation to include in your trust center are:

  • General InfoSec policy docs
  • Certifications or audit reports (like SOC 2 or ISO 27001)
  • Pen test results
  • Information about your sub processors
  • Insurance information
  • Commonly requested documents 

A well-stocked trust center can also be an internal tool because it acts as a single repository for all your security needs. Rather than scrambling for answers from disparate drives and shared spreadsheets, your Sales, IT, and Security teams now have a single source of truth. And if you need to make changes, you make them once—not over and over. 

Tip 2: Upload completed security questionnaires

If you’ve done the legwork of responding to previous questionnaires, those responses can be useful to your customers and save you the effort of repeating your work. While many companies add customization to their questionnaires, they are often largely based on an existing standard, so your answers will likely apply to large sections of additional questionnaires.

This also means you can pre-respond to 2-3 of the most common standards from your industry and populate your trust center with those responses. That’s a great way to share a huge amount of information in a single place. Even if your customer does insist on a “custom” questionnaire, you can anticipate (and already have responses for) a lion’s share of the questions. That greatly reduces the burden of the assessment.  

Tip 3: List any audits or certifications that you are working toward

As the name implies, a trust center is all about building, ya know…trust. It’s giving your customers the confidence that you’re a safe bet to do business with, and showing your progress toward industry-relevant certifications is a great way to inspire confidence. Include a section of your trust center that details certs in progress and an expected date of completion. 

Tip 4: Control access to your trust center

Your security information is essential for your customers, and transparency with them can build strong, profitable relationships. But you also don’t want to give away your entire security gameplan (complete with vulnerabilities) to the bad guys out there. You want to be as transparent as possible without cutting corners on business safety. 

Select a trust center option that allows you to control access AND share important information with the right parties. For example, your trust center can be built to include a link to your full SOC 2 report but also require that users request permissions (you can also pre-set permissions if you’re certain about who needs access). You can also set up alerts when certain docs are viewed. This can be helpful in maintaining visibility across the VRM process. 

And access control is good for internal stakeholders, too. That way, you can ensure that Sales teams only have access to accurate, up-to-date information (and that they can’t make any changes without you knowing). 

Tip 5: Put your trust center where customers are looking

At a retail store, the space at the end of the aisle is prime real estate for products. Everyone in the story walks by and may be inspired to make a purchase.

Well, a similar effect is true for your services. Your customers make purchasing decisions based on numerous factors—including your security posture. Be sure they can find it wherever they find you (or your competitors). Marketplaces like G2 or TrustRadius are great places to include your trust center link, so customers can know at a glance which vendors meet their security needs (and which ones don’t).

p.s. It’s also worth remembering to share your trust center directly on your website if you’re not currently doing so. 

Looking for a trust center upgrade? Try Whistic for free!

These simple steps can improve engagement and reduce VRM friction for any kind of trust center. But if you’re looking for a quick upgrade with a few enhanced capabilities for free, Whistic may be your answer. 

We’ll set you up with an absolutely free Whistic Trust Center. It’s a powerful tool to meet your customer trust goals, and includes:

  • Access to a growing library of more than 40 industry-standard questionnaires, so you can add answers to common standards to your trust center.
  • Trust center visibility across marketplaces like G2, trackable links to your own website, and the Whistic Trust Catalog—our fully searchable network of thousands of vendors.
  • Display badges for certs and the ability to link to supporting documentation.
  • Full access control and access tracking—you’ll have admin oversight; the ability to track users, views, and requests; deny access; and view a complete history of people who’ve seen your trust center.

The Whistic Platform also makes it possible to assess your own vendors with AI-powered automation in Assessment Copilot, so you can streamline both sides of the VRM process from a single place. You can get started with your free Whistic Trust Center today; you can even meet with one of our experts to ensure you’re getting maximum value. 

Interested in AI powered security assessments? Just grab some time with our experts and we’ll show you how it works!

Trust Center Customer Trust