Getting started with Secureframe Trust Center

A trust center is a public web page for companies that store information to share details about their practices, policies, and procedures on privacy, security, transparency, and compliance with existing and potential customers. It is the one-stop shop for customers that want answers about how their data is stored and safeguarded and is a proactive, interactive way to showcase real-time security posture instead of being merely reactive to requests. 

See Secureframe's Trust Center for a live example. 

How do I unlock the Trust Center features?

The free tier of Trust Center comes standard with all Secureframe Comply Fundamentals plans, while Advanced Trust Center comes with Comply Complete plans. You may purchase Advanced Trust Center as an addon to your Fundamentals plan at any time (reach out to your account manager). Customers who purchased a Secureframe Trust/Essentials/Growth/Enterprise plan before this will receive all new paid features through the end of the current contract period. 

Free tier Trust Center users get the essential features to take the product for a test drive:

  • Custom domain
  • 15 document requests per year counted from the anniversary of your contract start date
  • A beautiful new site layout
  • NDA approval workflow and requestable documents
  • Notification customization

Advanced Trust Center customers have all of the above but also gain access to:

  • Unlimited document requests per year
  • API access to Trust Center document requests and provisioning
  • Custom HTML sections
  • Custom global CSS styles
  • Powerful request automation workflows through Zapier partnership
  • All future paid features

Talk to your account manager or customer success representative if you would like to upgrade or see a DEMO of our fully-featured Trust Center!

Manage document requests

On the Trust Center page, the Requests tab is where you can see pending document requests and create a new request.

 To approve a request:

  1. Find the row with the document you’d like to approve.
  2. Click the Make decision button. A pop-up will appear showing all the documents that are a part of the request.
  3. Mark the document as Denied or Approved by clicking the corresponding bubble in the document row.
  4. Click Save. Finished documents will show a status of Decisioned along with a timestamp and name of the approver.

If you’d like to send documentation about your security posture to a prospective customer, you can do so without asking them to submit a request through your trust center site. Creating a request here allows you to send an email with links to the relevant documents, with an NDA if necessary.

To add a request:

  1. Click the +Add Request button. 
  2. In the pop-up, enter your requester information. Starred fields are required. 

 

  1. Click Next.
  2. Use the search field to find and select your uploaded documents in Secureframe. Click Send Documents

What happens when you hit your document request limit

You will still continue to receive requests from your Trust Center, but you must upgrade your plan to unlock them. Once you've upgraded, you will be charged a "use" to unlock each request from your total yearly allotment.

Screenshot 2023-12-06 at 4.29.32 PM.png

Advertise your controls and security practices

The Monitoring section in the Site Designer is where you can review your controls and their associated tests configured in the Secureframe platform. The control’s health is determined by the number of passing tests within it. You can control the public visibility of passing tests.

 

Screenshot 2023-12-06 at 3.57.56 PM.png

 

Screenshot 2023-12-06 at 3.58.01 PM.png

To hide a passing test on the web page:

  1. Click the eye symbol to show or hide a passing test on the Trust Center web page. This reflects immediately on your trust center site after you publish changes.

Note that failing and unhealthy tests/controls are automatically hidden after 30 days. If you need to share unhealthy or failing controls with clients or prospects you can export your controls by going to the Controls Page, then click the Export button in the top right corner. 

Configuring your Trust Center settings

A number of tools to manage the content and themes of your Trust Center web page are available on the Settings tab. You are able to:

  • Designate a custom URL for the Public Trust Center
  • Upload an NDA document
  • Add a Favicon
  • Add links for privacy policy and terms of service information
  • Access the Site Designer
  • Publish the Trust Center page

Designate a custom URL for the Public Trust Center

The automatically created Public Trust Center URL (your_organization.secureframetrust.com) will display your Trust center, but you may also choose a custom URL ( trust.your_organization.com).

Navigate to the Settings tab and scroll down until you see DNS Settings then select "Setup custom domain"
01a.png

Now enter the Custom Domain you would like to set and click next.
02.png

Now navigate to your website host provider's DNS settings and create a CNAME record with the CNAME Key & Value of your Custom Domain.

03.png

Note: In some cases, Cloudflare customers are getting an error "cname cross-user banned error" when setting up a custom domain for trust.

If you receive this error, please use this webform to get into contact with their Abuse team. 

We have also attached an article from Cloudflare regarding this issue here


How to upload an NDA in your Trust Center

Visit the Trust Center located in your left navigation, then click the gear icon in the top right corner. Now click the NDA Tab and upload your file (PDF Only). 

When an NDA has been added in Secureframe, it will automatically be used in the document request flow when you check the Require request for access Resource in the Site Designer.

Screenshot 2024-07-25 at 12.58.15 PM.png

When a request arrives for a document with a required NDA, admins will see the Document security dropdown on the approval pop-up offering these NDA options:

  • Require clickwrap NDA
  • Waive NDA
  • NDA signed outside of Secureframe

It's important that you set both email notifications and reply to's in the event there is an issue or your customers/prospects have questions. 

Under Trust Center settings, click on the Request tab, then check those who apply next to Receive Notifications and Reply to.

NOTE: If your organization requires a formal eSignature provider, Secureframe recommends using DocuSign, HelloSign, AdobeSign or similar vendors.

Secureframe collects the following metadata fields from signatories during document approval:

  • Full name
  • Work email
  • Business name
  • Job title
  • Confirmation the signer understands NDA terms and agrees to them (via checkbox)
  • Version of NDA signed
  • IP address of signer
  • Timestamp of signature

This information can be provided to admins upon request. Reach out to Secureframe Support or your Customer Success Manager if you require signatory metadata.

The customer experience of submitting a document request

Once your Trust Center is published, customers will be able to see valuable Security & Compliance related information like Control Monitoring, your achievements (SOC, ISO, etc), your Subprocessors, and the ability to request documents

We do recommend that you go through the document request process yourself to ensure a smooth experience for the customer. 

  1. Head to your new Trust Center webpage (ex, see our Secureframe Trust Center here)
  2. Then scroll down to the Resource section and click Request next to the applicable document. 
  3. Then select one or more of the documents you would like to request and click Continue
  4. Fill in the applicable fields and click on the Terms to Submit Request.

Frequently Asked Questions (FAQ)

I tried to access the Trust Center and it says "Unlock Trust Features."

  • This could mean that your current subscription tier does not include access to those features and an upgrade may be required.
  • This could also mean that your organization had a free trial at some point which may now be expired, in which case those features are now hidden. 
  • Feel free to contact our Account Management team to discuss further details and or to see a DEMO at accountmanagement@secureframe.com

Why am I getting a an error cname cross-user banned error when trying to add a custom URL to Trust Center domain?

  • In some cases, Cloudflare customers are getting an error cname cross-user banned error.
  • If you receive this error please use this webform to get into contact with their Abuse team.
  • We have also attached an article from Cloudflare regarding this issue here

Related to

Was this article helpful?

Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.