📋 Prepare to create a profile

• Self-assessments on pertinent industry standards, such as the VSA, CAIQ, SIG, CIS, and/or HECVAT. These are available in the Questionnaires tab of the platform. After you have completed the self-assessment, you can add the completed questionnaires to your Whistic Trust Center.
• Gather all documentation that supports your security posture, such as certifications, audits, etc. You will be able to upload these to your Whistic Trust Center.

🚀 Steps

Once you have gathered or completed all of the information that you want to share, you can start building your Whistic Trust Center.

1. Use the Trust Center dropdown at the top of the dashboard and select Trust Centers.

Select Edit and you will see fields similar to these. Below is some information on each of the fields.

A - About - Describe your Trust Center. This will be visible to profile recipients. This section will allow most text formatting and styling. There is no character limit for this section, but it only allows text. Images will not display.

B - Audits & Certifications - Add badges to your profile that show your audits and certifications. Click HERE for available certification badges.

C - Questionnaires - Select Add Questionnaires. This will give you the option to choose the questionnaires that you want to add to this Trust Center. The list includes self-assessments and other questionnaires you have completed. Click HERE to see how to remove a questionnaire (Step 6 in the linked article).

D - Additional Documents - Upload additional supporting documentation that will be helpful for those who will view this Trust Center. Click HERE for details.

E - Assurance Center - The Whistic Assurance Center is an organized summary of content contained within a Whistic Trust Center, arranged in accordance with the Whistic Control Framework to help Trust Center recipients locate the information that is most relevant to them and help them answer questions as quickly as possible, potentially negating the need for an additional questionnaire to be completed. Click HERE for details.

F - Security Team - Let others know who manages this Trust Center. To be added, each user will already need to have an account that is connected to this company. It is helpful for each user to upload their own picture to their account, so when they are added to the Security Team section, profile recipients get a personal look at who this is coming from. 

Note: Should you wish to change the Security Team Header to something more generic, you can edit the header for this section by clicking Edit at the top of the Trust Center page and selecting the pencil icon next to Security Team.

G - Trust Center Quick Links - You can use this feature to quickly jump to the various sections of your Trust Center.

H - Additional Settings - Select the three dots in the top right corner. This will give you the option to Create a new Trust Center, Duplicate the current one, or Archive it. 

Warning: In order to recover an archived Trust Center, you will have to reach out to support@whistic.com. If you just want to disable this Trust Center, refer to the Trust Center Configuration. Also, you can archive a Trust Center if it is not the only one.

⚙️ Trust Center Configuration

When you're ready to start making changes to settings, simply select the Settings tab at the top of your profile. Below is a brief description of each setting and how it can be used.

1️⃣ Trust Center Name and Description

Trust Center recipients will see your Trust Center Name on the Trust Center, the Dashboard, and in email notifications.

This will help viewers distinguish between multiple Trust Centers. You'll notice your company name is now pre-populated in the field to help with naming standardization. The internal Trust Center Description field will still be available for your internal use.

You can use the Description field to describe the Trust Center for internal use, such as what the Trust Center contains or sharing instructions.

2️⃣ Trust Center Status

Your Trust Center must be Active to share the Trust Center using the Share button or links. Inactive status does not affect sharing to the Trust Center Exchange or Salesforce or API integrations. When Inactive, only Admin users will be able to access.

3️⃣ NDA

Upload an updated version of your NDA. We recommend this feature as best practice, especially when you're sharing secure information. NDAs are only required once for all Trust Center shares and recipients within a company domain (accounts).

4️⃣ Trust Center Access Expiration Date

Set a custom time frame in which your Trust Center will expire. We recommend this feature as best practice, especially when you're sharing secure information.

Once your Trust Center is shared, the viewer will only be able to access it within the time frame you have set (example: 3 weeks). The expiration starts from the shared date and will be set to end access depending on the timeframe allowed, regardless of when the recipient registers on Whistic and/or views the Trust Center.

Additionally, you can set the notification that the viewer will see if you preview the Trust Center, and it will show the date based on the time frame you have set (Example below).

5️⃣ Trust Center Updates

This section allows you to choose if you want your Trust Center recipients to access the current version of the Trust Center only, or if you will allow them access to changes and updates to your Trust Center. This can be updated at any time during the sharing process.

6️⃣ Publish to Trust Center Exchange

Enabling this places your Trust Center on the Whistic Trust Center Exchange so that prospective vendors and other customers can find it without having to reach out to you.

7️⃣ Trust Center Link

Allows you to share a static link via email or post a link to your Trust Center on a website which will notify an admin each time new customers attempt to access the Trust Center for the first time. When Require Admin Approval is switched on, an admin will need to approve the request for access to your Trust Center.

8️⃣ Public Trust Center

Allows your customers to access parts of your Trust Center without having to register as a user on the platform. Learn more HERE.

9️⃣ Partner Sharing

By sharing your public Trust Center link with partner SaaS marketplaces, your security posture can become a competitive advantage early in the buying cycle.

🔟 Salesforce

By enabling it in Salesforce, your sales team will be able to share this Trust Center from your company's Salesforce instance. Please provide them with a description of the Trust Center so they have an idea of what they are sharing. Reach out to your Customer Success Manager or support@whistic.com for more details.

1️⃣1️⃣ Public API

Enabling this feature will allow for scalable 3rd party integrations via the public API.

🤝 Sharing a Trust Center

You can share the Trust Center by selecting Share at the top. You will be prompted for the name of the person that you want to share it with, their email address, and their company URL. You can also share with multiple people from different companies at the same time.

📦 Archiving a Trust Center

Archiving a Trust Center only visually removes that Trust Center from your view and access. It does not affect users that have previously been granted access to this Trust Center, or explain this to the viewers who may access it again.

📚 Additional Resources

• To learn more about how to share a Whistic Trust Center, please click HERE.