Skip to main content
🎉 Check out our latest January Release 🎉 Here

Search

Welcome to Whistic Support

Setting Up Your Whistic Profile

  • Updated

Table of Contents

Summary

Your Whistic Profile allows you to proactively gather and send your crucial security information to customers and prospects. Once created you can control who has access to it for how long. You can also create multiple Profiles for specific situations and place sensitive material behind a build-in NDA workflow.

This article covers how you get started setting up your Whistic Profile.

Prepare to create a profile

  • Self-assessments on pertinent industry standards, such as the VSA, CAIQ, SIG, CIS, and/or HECVAT. These are available in the Questionnaires tab of the platform. After you have completed the self-assessment you can add the completed questionnaire to your Whistic Profile.

  • Gather all documentation that supports your security posture, such as certifications, audits, etc. You will be able to upload these into your Whistic Profile.

Steps

Once you have gathered or completed all of the information that you want to share you can start building your Whistic Profile.

  1. Select Whistic Profile from the left navigation menu.

Select Edit and you will see fields similar to these. Below is some information on each of the fields.

Screen

A - About - Give a description of your profile, this will be visible to profile recipients. This section will allow most text formatting and styling. There is no character limit for this section but only allows text. Images will not display.

B - Audits & Certifications - Add badges to your profile that show your audits and certifications. Click HERE for available certification badges.

C - Questionnaires - Select Add Questionnaires this will give you the option to choose the questionnaires that you want to add to this profile. The list includes self-assessments and other questionnaires you have completed. Click HERE to see how to remove a questionnaire (Step 6 in linked article).

D - Additional Documents - Upload additional supporting documentation that will be helpful for those that will view this profile. Click HERE for details.

NOTE: Any documents on your profile that are older than 18 months will acquire a small red badge that you will only see internally (it's not visible to your profile recipients). The way to get this removed is to update the document by first creating a new file name and then re-uploading. The system will recognize this and remove the badge. Example:
Screenshot 2024-10-09 at 10.53.14 AM.png

E - Assurance Center - The Whistic Assurance Center is an organized summary of content contained within a Whistic Profile arranged in accordance with the Whistic Control Framework in order to help Profile recipients locate the information that is most relevant to them and help them answer questions as quickly as possible, potentially negating the need for an additional questionnaire to be completed.  Click HERE for details.

WCF1.2.png

F - Security Team - Let others know who manages this profile. To be added, each user will already need to have an account that is connected to this company. It is helpful for each user to upload their own picture to their account so, when they are added to the Security Team section, profile recipients get a personal look at who this is coming from. Note: Should you wish to change the Security Team Header to something more generic, you can edit the header for this section by clicking Edit at the top of the Profile page and selecting the pencil icon next to Security Team.

G - Profile Quick Links - You can use this feature to quickly jump to the various sections of your profile.

H - Additional Settings - Select the three dots in the top right corner. This will give you the option to Create a new profile, Duplicate the current one, or Archive it. Warning: In order to recover an archived profile you will have to reach out to support@whistic.com. If you just want to disable this profile refer to the Profile Settings. Also, you can archive a profile if it is not the only one.

Profile Settings

When you're ready to start making changes to settings, simply select the Settings tab at the top of your profile. Below is a brief description of each setting and how it can be used.

  1. Profile Name and Description - Profile recipients will see your Profile Name on the Profile, the Dashboard, and in email notifications.

    This will help viewers distinguish between multiple profiles. You'll notice your company name is now pre-populated in the field to help with naming standardization. The Internal Profile Description field will still be available for your internal use.

    You can use the Description field to describe the profile for internal use, such as what the profile contains or sharing instructions.

  2. Profile Status - Your profile must be Active in order to share the Profile using the Share button or links. Inactive status does not affect sharing to the Trust Catalog or Salesforce or API integrations. When Inactive, only Admin users will be able to access.

  3. NDA - Upload an updated version of your NDA. We recommend this feature as best practice, especially when you’re sharing secure information. NDAs are only required once for all profile shares and recipients within a company domain (account).

  4. Profile Access Expiration Date - Set a custom time frame in which your profile will expire. We recommend this feature as best practice, especially when you’re sharing secure information.

    Once your profile is shared, the viewer will only be able to access it within the time frame you have set (example: 3 weeks). The expiration starts from the shared date and will be set to end access depending on the timeframe allowed, regardless of when the recipient registers on Whistic and/or views the profile.


    Additionally, you can see the notification that the viewer will see, if you preview the profile, and it will show the date based on the time frame you have set (Example below).

  5. Profile Updates - This section allows you to choose if you want your profile recipients to access the current version of the profile only or if you will allow them access to changes and updates to your profile. This can be updated at any time during the sharing process.

    Note: Whenever you make an edit to a profile that is shared on a Subscription a new profile will be sent to each recipient when they go to review the new profile. These shares can be tracked by filtering for the "Auto Share" source in the Whistic Reporting suite, but they only show in Whistic reports once the recipient has viewed the updated profile.  Auto Shares will only occur when changes are made to the profile during the recipient's access period.  This will also extend the expiration date for access to the profile. If you do not wish to extend the expiration date, we recommend using the Snapshot setting instead of Subscription.

  6. Publish to Trust Catalog - Enabling this places your profile on the Whistic Trust Catalog so that prospective vendors and other customers can find it without having to reach out to you.

  7. Profile Link - Allows you to share a static link via email or post a link to your profile on a website which will notify an admin each time new customers attempt to access the profile for the first time. When Require Admin Approval is switched on, an admin will need to approve the request for access to your profile.

  8. Public Profile - Allows your customers to access parts of your profile without having to register as a user on the platform. Learn more HERE

  9. Partner Sharing - By sharing your public profile link with partner Saas marketplaces, your security posture can become a competitive advantage early in the buying cycle.

  10. Salesforce - By enabling in Salesforce, your sales team will be able to share this profile from your company's Salesforce instance. Please provide them with a description of the profile so they have an idea of what they are sharing. Reach out to your Customer Success Manager or support@whistic.com for more details.

  11. Public API - Enabling this feature will allow for available 3rd party integrations via the public API.

     

Sharing a Profile

You can share the profile by selecting Share at the top. You will be prompted for the name of the person that you want to share it with, their email address, and their company URL. You can also share with multiple people from different companies at the same time.

 

Archiving a Profile

Archiving a profile only visually removes that profile from your view and access. It does not effect any shares that have previously granted access to this profile or explain this to the viewers that may access it again.

FAQ

  • Why does my CrowdConfidence score vary for the same questionnaire?

    1. There are a few things that can cause this to happen:

      1. Comparing different assessment responses and profiles,

      2. Not updating your profile with the latest assessment,

      3. Not sharing your updated profile with customers.

  • Can I track changes to my profiles?

    • No, not currently, but we've queued this up for future consideration.

Additional Resources

  • For a video tutorial regarding creating a Whistic Profile, please click HERE.
  • To learn more about how to share a Whistic Profile, please click HERE

 

 

 

Related to