Skip to main content
🎉 Check out our latest May Release 🎉 Here

Search

Welcome to Whistic Support

Understanding Trust Center Share Types & Key Features

  • Updated

Whistic offers multiple ways to share your Trust Center with customers, prospects, and partners. Each share type is designed for different use cases, from direct one-to-one sharing to automated integrations with platforms like Salesforce and Slack. Understanding which share type to use helps you efficiently distribute your security documentation while maintaining appropriate access controls.

This article defines the seven share types available in Whistic and when to use each method to best meet your sharing needs.

Table of Contents

📤 Direct Share (Whistic)

Direct Share is the standard method for sharing your Trust Center directly from the Whistic platform to specific recipients via email invitation.

Learn more on Sharing a Trust Center.

How It Works:

  1. Navigate to your Trust Center in Whistic
  2. Configure share settings if needed (expiration date, subscription vs. snapshot)
  3. Click the Share button at the top of the page
  4. Enter recipient details (name, email, company)
  5. Click Share to deliver the invitation

When to Use:

  • Sharing with specific customers or prospects one-to-one
  • When you need precise control over who receives access

Key Features:

  • Recipients receive an email invitation with a link to access the Trust Center
    • Requires recipients to register or log in to Whistic to access the information
  • Full tracking and management through the Shares menu
  • NDA enforcement (if configured)
  • Access expiration date control (if configured)
  • Subscription or Snapshot options for Trust Center updates
Note: Direct shares are tracked in your Customers menu under Trust Center > Shares, where you can view, edit, and cancel shares as needed.

🌐 Public Trust Center Share

Public Trust Center Share enables prospects and customers to preview your Trust Center without requiring immediate login or registration. Upon clicking on a document or questionnaire the recipient will be required to login and/or register to access the specific details.

Learn how to Setup a Public Trust Center

How It Works:

  1. Navigate to Trust Center from the top navigation menu
  2. Select the Trust Center you want to make public
  3. Click the 3-dot menu (...) and select Trust Center Settings
  4. Enable Trust Center Link
  5. Toggle on Public Trust Center
  6. Optionally enable Require Approval if you want to approve each access request once a user logs in or registers to access the details
  7. Copy the generated link to share on your website or with prospects

When to Use:

  • Posting your Trust Center link on your company website
  • Allowing prospects to self-serve access to your security information
  • Building trust early in the buying cycle
  • When you want immediate visibility with gated access to full details
  • Sharing with marketplace partners (G2, TrustRadius, Tropic, CloudEagle, Quolum)

Key Features:

  • Recipients can view a limited preview without logging in
  • Full access to documents and details requires registration
  • Optional approval workflow for access requests
  • Ability to unlock specific documents for public viewing (without login required)
  • Maintains tracking and reporting capabilities
  • NDA enforcement (if configured)
  • Access expiration date control (if configured)
  • Static link that can be embedded on websites
Important: When users click View, Download, or View Details on publicly available content, they will be directed to Whistic registration and login. You can optionally select which documents to make available without login. See example image below with the lock icon on the documentation.

☁️ Salesforce Share

Salesforce Share enables your sales team to share Trust Centers directly from within Salesforce, streamlining the sharing process during sales cycles.

Learn more about sharing your Trust Center from Salesforce.

How It Works:

  1. Your Whistic admin enables the Salesforce integration and generates an API key
  2. Your Salesforce admin installs the Whistic package and connects it using the API key
  3. Admins add the Whistic Profile Shares component to Account, Opportunity, Contact, or Lead pages in Salesforce
  4. Trust Center admins enable each Trust Center for Salesforce in Trust Center Settings
  5. Sales reps can now share Trust Centers directly from Salesforce records

When to Use:

  • Your sales team works primarily in Salesforce
  • You want to streamline Trust Center sharing during sales cycles
  • You need Trust Center shares tied directly to Salesforce opportunities or accounts
  • You want to remove the need for sales reps to have full Whistic admin access

Key Features:

  • Sales reps share Trust Centers without logging into Whistic
  • Shares are tied directly to Salesforce records (Account, Opportunity, Contact, Lead)
  • Multiple Salesforce instances can connect to a single Whistic account
  • Share tracking visible in both Salesforce and Whistic
  • Trust Centers must be Active and enabled for Salesforce to be shareable
  • NDA enforcement (if configured)
  • Access expiration date control (if configured)
  • Auto approval (if configured)

Requirements:

  • Salesforce feature must be enabled on your Whistic account
  • Trust Center must be enabled for Salesforce in Trust Center Settings
  • Salesforce integration must be properly configured with API key
  • Sales users need appropriate Salesforce permissions
Note: If sales reps need access to Knowledge Base and Smart Response features, they will need Whistic user privileges. Otherwise, they can share Trust Centers through Salesforce without Whistic access.

🔗 Requested Share

Requested Share occurs when prospects or customers request access to your Trust Center through the Trust Center Link, either from your website or a direct link you've provided.

Learn more about managing your Trust Center Requests

How It Works:

  1. Enable Trust Center Link in Trust Center Settings
  2. Optionally toggle on Require Approval to manually approve each request
  3. Share the generated link on your website, in emails, or with prospects
  4. When someone clicks the link and requests access, you receive an email notification
  5. If Require Approval is enabled, approve or decline the request from your Dashboard under Pending Trust Center Requests
  6. The requester receives an email granting or denying access

When to Use:

  • You want prospects to initiate access to your Trust Center
  • You've posted the Trust Center link on your website's security or compliance page
  • You want to qualify prospects before granting access
  • You need to track inbound security information requests
  • You want an approval workflow for Trust Center access

Key Features:

  • Static link that can be shared publicly or privately
  • Optional approval workflow - requests can be auto-approved or require manual approval
  • Notification sent to admins when new requests are received
  • Pending requests visible on Dashboard for easy management
  • All standard Trust Center controls apply (NDA, expiration, tracking)
  • Link can be enabled or disabled at any time

Approval Options:

  • Require Approval OFF: All requests gain immediate access to your Trust Center
  • Require Approval ON: All requests must be manually approved before access is granted
Note: Disabling the Trust Center Link does not remove access for those who have already registered and viewed your Trust Center. You must cancel their share through the Customers menu to revoke access.

💬 Slack Share

Slack Share enables Trust Center sharing and approval workflows directly within Slack using slash commands and notifications.

Learn more about sharing through Slack actions.

How It Works:

  1. Your Whistic admin confirms your account is qualified for Slack Actions
  2. A Slack Workspace Admin sets up the Whistic Slack App with incoming webhooks
  3. Admins configure designated Slack channels for Whistic notifications
  4. Enable Trust Center Shared and Trust Center Approval Requested webhook notifications
  5. Team members use /whistic approve or /whistic deny slash commands in Slack to manage Trust Center requests

When to Use:

  • Your team primarily collaborates in Slack
  • You want to streamline Trust Center approval workflows
  • You need visibility into Trust Center requests and shares across your team
  • You want to reduce time spent managing approvals in the Whistic interface
  • Multiple team members need to see and respond to Trust Center requests

Key Features:

  • Notifications appear in designated Slack channels when Trust Centers are shared or access is requested
  • Team members approve or deny requests using slash commands
  • No need to switch to Whistic platform to manage approvals
  • Confirmation messages appear in Slack when actions are completed
  • Requires Whistic API key for authentication

Slash Commands:

  • /whistic approve - Approve a pending Trust Center access request
  • /whistic deny - Deny a pending Trust Center access request

Requirements:

  • Account must be qualified for Slack Actions feature
  • Slack Workspace Admin permissions required for setup
  • Whistic admin access required to create API key
  • Webhooks must be properly configured
  • Designated Slack channel(s) for notifications
Important: Only team members with access to the designated Slack channel(s) can see notifications and use slash commands to manage requests. Slack Workspace Admins control channel access and therefore control who can manage Trust Center approvals via Slack.

🏪 Trust Center Exchange

Trust Center Exchange is Whistic's marketplace of over 90,000 vendor Trust Centers where companies can proactively publish their security information for Whistic customers to discover and import.

How It Works:

Publishing to Trust Center Exchange:

  1. Navigate to your Trust Center in Whistic
  2. Click the 3-dot menu (...) and select Trust Center Settings
  3. Toggle on Publish to Trust Center Exchange
  4. Your Trust Center becomes discoverable in the marketplace

Imported Trust Center Exchange:

  1. When a Whistic customer imports your Trust Center from the Exchange, it's automatically logged as a share so you can track who is reviewing your security information.
Screenshot 2026-01-08 at 5.16.23 PM.png

When to Use:

  • You want to make your security posture discoverable to prospective customers
  • You want to reduce inbound questionnaire requests by providing self-service access
  • You're looking to assess vendors without requesting information directly
  • You want to import vendor security information that's already available

Key Features:

  • Over 90,000 vendor Trust Centers available for discovery
  • Integration with RiskRecon scores and CSA CAIQ questionnaires
  • Automatic notification to vendors when their Trust Center is imported
  • Imports are logged as shares for tracking purposes
  • Recipients can re-access imported Trust Centers multiple times without counting as additional shares
  • Searchable and filterable by CrowdConfidence score, questionnaires completed, and more

What Gets Shared: When your Trust Center is imported from the Exchange, the importing company gains access to:

  • Completed questionnaires and self-assessments
  • Published certifications and audits
  • Any documents you've made available on the published Trust Center
  • RiskRecon scores (if applicable)
  • CrowdConfidence scores

Important Considerations:

  • Trust Center Status: Your Trust Center must be Active and published to the Exchange to be discoverable
  • Share Tracking: Imports from Trust Center Exchange are tracked as shares and appear in your Customers menu
Note: Publishing to the Trust Center Exchange makes your security information broadly accessible to all Whistic customers. Ensure your Trust Center contains only information you're comfortable sharing publicly with potential customers and partners.

🎟️ Guest Pass

Guest Pass is a secure way to temporarily share your Trust Center with recipients who cannot create a Whistic account, providing immediate access without requiring login.

Learn more about Guest pass here.

How It Works:

  1. Navigate to your Trust Center in Whistic
  2. Click the Share button at the top of the page
  3. Select Guest Pass as the sharing method
  4. Enter recipient details (name, email, company)
  5. Set the Guest Pass duration (how long access will remain active)
  6. Click Send to deliver the unique Guest Pass link

When to Use:

  • Recipients cannot create a Whistic account due to company policies
  • Recipients prefer not to register for another platform
  • You need to provide immediate access without registration barriers
  • You're sharing with external auditors, consultants, or temporary partners
  • Time-sensitive situations where registration delays would impact the sales cycle

Key Features:

  • Recipients access Trust Centers immediately without creating an account
  • Each Guest Pass has a unique URL specific to that share instance
  • Custom expiration timeframe that supersedes Trust Center Access settings
  • Recipients receive an email with direct access link
  • All Trust Center content is accessible (documents, questionnaires, certifications)
  • Tracked as "Guest Pass" source type in Shares and Reporting Suite

Important Considerations:

  • No NDA Enforcement: Guest Pass does not enforce NDA acceptance. Consider gathering an NDA manually if required.
  • Link Sharing: If the recipient forwards the Guest Pass email or URL to anyone else, that person will also have access. The link is not restricted to the specific recipient.
  • Admin Only: Only users with Admin permission can share using Guest Pass
  • Duration Override: The Guest Pass duration supersedes any Trust Center Access expiration timeframe you've set in Trust Center Settings
  • Access After Expiration: Once expired, recipients will see a page indicating access has expired and must contact support for an extension

Tracking Guest Pass Shares:

  • View Guest Pass shares in the Shares section by filtering for "Guest Pass"
  • Check when shares were most recently viewed in the Customers menu
  • Track Guest Pass as a source type in the Reporting Suite
  • Find the unique Recipient Access Link in the Customers menu under the specific share record
Note: You can cancel Guest Pass shares at any time following the standard process for canceling Trust Center shares. After cancellation or expiration, recipients must reach out to support if they need access extended.

FAQ

Q: What's the difference between Direct Share and Public Profile Share?

A: Direct Share sends a specific email invitation to known recipients and requires login to view any content. Public Profile Share provides a static link that anyone can use to preview your Trust Center without logging in, though full access to documents still requires registration. Use Direct Share for known customers and prospects; use Public Profile Share for website visitors and broader audience access.

Q: When should I use Guest Pass instead of Direct Share?

A: Use Guest Pass when recipients cannot or prefer not to create a Whistic account. Guest Pass provides immediate access without registration, making it ideal for external auditors, consultants, or prospects with restrictive account creation policies. Use Direct Share when you want NDA enforcement and when recipients can register for Whistic.

Q: Can I use multiple share types for the same Trust Center?

A: Yes. You can enable multiple sharing methods simultaneously. For example, you might have your Trust Center published to the Trust Center Exchange, a Public Profile link on your website, while also using Direct Share for specific customers, Guest Pass for consultants, and Salesforce Share for your sales team.

Q: Do all share types enforce the same NDA and expiration date settings?

A: Most share types respect your Trust Center's NDA and expiration date settings. However, Guest Pass does not enforce NDAs and the Guest Pass duration supersedes the Trust Center Access expiration timeframe. Public Profile Share enforces NDAs only when users register for full access. Trust Center Exchange imports follow standard Trust Center access controls.

Q: Which share type should I use for posting my Trust Center on my website?

A: Use Public Profile Share for website visibility. This allows prospects to preview your Trust Center without registration while maintaining control over who accesses full details and documents.

Q: How do I track shares across different share types?

A: All shares (regardless of type) are tracked in the Customers menu under Trust Center > Shares. You can filter by source type in the Reporting Suite to see shares by method (Direct, Salesforce, Slack, Guest Pass, Trust Center Exchange, etc.).

Q: Does Salesforce Share require sales reps to have Whistic accounts?

A: No. Sales reps can share Trust Centers through Salesforce without Whistic user privileges. However, if they need access to Knowledge Base or Smart Response features, they will need appropriate Whistic permissions.

Q: Can I disable a share type after enabling it?

A: Yes. You can disable Public Profile, Trust Center Link, Salesforce sharing, and Trust Center Exchange publishing at any time in Trust Center Settings. Note that disabling these features does not revoke access for recipients who have already registered or imported your Trust Center - you must cancel their shares through the Customers menu.

Q: What happens if someone forwards a Direct Share invitation to a colleague?

A: The email invitation is assigned to a specific recipient email address. If a colleague tries to register with a different email than the one on the invitation, they should request that the original recipient reassign the Trust Center share to them, or you can add them as an additional recipient.

Q: What happens if a Guest Pass recipient forwards their access link to someone else?

A: Anyone with the Guest Pass URL will have access to the Trust Center. The link is unique to the share instance but is not restricted to the specific recipient. If the recipient forwards the email or shares the URL, others can access your Trust Center using that link until it expires.

Q: How do Requested Shares work with the Require Approval setting?

A: When Require Approval is enabled, all requests through the Trust Center Link require manual approval before access is granted. You'll see pending requests in your Dashboard under Pending Trust Center Requests. When Require Approval is disabled, requests are auto-approved and recipients gain immediate access.

Q: Can I approve Trust Center requests from Slack without opening Whistic?

A: Yes, if you have Slack Actions configured. When approval requests appear in your designated Slack channel, you can use /whistic approve or /whistic deny commands directly in Slack to manage the request.

Q: What permissions do recipients need to view a shared Trust Center?

A: Recipients viewing a shared Trust Center need appropriate permissions based on their user type. Managed users need "Read Self-Assessment / Trust Center" permission at minimum. For unmanaged users or external recipients, standard registration and any configured NDA requirements apply. Guest Pass recipients do not need any permissions as they access without logging in.

Q: How do I share with marketplace partners like G2 or TrustRadius?

A: Use Public Profile Share and enable the specific partner toggle in Trust Center Settings. Ensure your Trust Center meets "Whistic Ready" requirements (recent SOC 2, ISO certification, or other security documentation within the past 12 months).

Q: Will publishing to Trust Center Exchange count against my share limits?

A: No. Imports from the Trust Center Exchange do not count against share limits. However, they are still tracked in your Customers menu and Reporting Suite for visibility purposes.

Q: Can I control who imports my Trust Center from the Exchange?

A: No. Once published to the Trust Center Exchange, any Whistic customer can import your Trust Center to their Vendor Catalog. You will receive an email notification when imports occur. If you need more control over who accesses your Trust Center, use Direct Share, Guest Pass, Public Profile Share with Require Approval, or Requested Share instead.

Q: What's the difference between Trust Center Exchange and Public Profile?

A: Trust Center Exchange is a searchable marketplace within Whistic where customers can discover and import vendor Trust Centers. Public Profile is a static link you can post on your website that allows anyone (including non-Whistic users) to preview your Trust Center. Both make your security information broadly accessible, but Trust Center Exchange is specifically for Whistic customers conducting vendor assessments.

Q: Can someone who imported my Trust Center from the Exchange access it multiple times?

A: Yes. Recipients who import your Trust Center from the Exchange can re-access it multiple times without triggering additional share notifications or counting as multiple shares.

Q: Can I enforce an NDA when using Guest Pass?

A: No. Guest Pass does not enforce NDA acceptance because recipients are not required to register or log in. If an NDA is required for compliance or legal purposes, consider gathering it manually outside of Whistic or use a different share method that requires registration, such as Direct Share.

Q: Can I extend a Guest Pass after it expires?

A: Once a Guest Pass expires, the recipient must contact the owner of the Trust Center for access. As an alternative, you can create a new Guest Pass share for the same recipient with a new expiration timeframe.