Trust Portal
Your public-facing security page that answers customer security questions before they even ask. Reduce inbound questionnaires and accelerate sales cycles by proactively sharing your security posture through a branded portal with controlled access.
Portal sections
The Trust Portal organizes content into four categories:
Overview — Certifications overview, security overview, product security features, privacy overview.
Compliance — Subprocessor list, compliance mappings, vulnerability disclosure policy, contact directory.
Documents — Assurance documents, architecture and data flow, vulnerability management, BCP/DR overview.
Footer — Change log, incident postmortems, legal disclaimers, feedback and escalation.
Setting up the portal
Navigate to Trust Portal settings
Go to Settings → Trust & Vendor Risk → Trust Portal tab, or access Trust Portals from the main menu.
Configure portal identity
Set the portal name, custom subdomain (e.g., trust.yourcompany.com), and branding (logo, colors, custom styling).
Enable sections
In the Portal Sections tab, check the boxes for sections you want to include. Sections are organized by category.
Set access modes
For each section, choose one of three access modes:
| Mode | Behavior |
|---|---|
| Public | Visible to all visitors without any access request |
| Requires Access Request | Locked — visitors must request and receive approval before viewing |
| Disabled | Hidden from the portal entirely |
Add content
Use the Content Manager to add text, images, documents, and structured data. Upload certifications, compliance mappings, and security documentation.
Publish
The portal goes live at your custom domain.
Access request process
For sections set to Requires Access Request, visitors see a lock icon. Clicking a locked section opens a request form where they provide their name, email, company, title, purpose, and optionally select a preferred approver. They can request access to multiple sections at once.
Managing access requests
Requests appear in Trust Portal → Access Requests with status Pending. Review each request’s details (requester info, requested sections, purpose, submission date) and either approve or reject.
When approving, optionally set an access expiration period (default 7 days). The system generates a secure access token and sends the requester an email with a link. When rejecting, provide an optional reason — the requester is notified with the rejection status.
Request statuses include Pending, Approved, Rejected, and Expired.
What’s included
The Trust Portal automatically surfaces certifications and compliance status (SOC 2 report availability, ISO 27001 certification, etc.), security practices (encryption, access control, incident response, data handling), subprocessors with data handling descriptions, published versions of policies you choose to share, and common security FAQs with pre-approved answers.
Configuration options
Control exactly what appears on your portal: select which certifications and reports are visible, choose which policies to publish (full text or summary), customize branding to match your company, enable access-request gating for sensitive documents, and add a request form for documents not publicly listed.
Best practices
Keep public sections informative but high-level — reserve detailed documents (SOC 2 reports, penetration test summaries, architecture diagrams) for access-requested sections. Review access requests promptly to maintain a good customer experience. Set appropriate expiration periods based on document sensitivity. Keep content current — an outdated trust portal undermines confidence.