August 11, 2022

Five great DIY Trust Centers

Written by
Chase Lee
VP Product


Businesses have taken various approaches to tackle this challenge, from sending security questionnaires to implementing formal review processes before adopting new software solutions.

We are witnessing a shift from viewing security as a mere cost center to recognizing it as a crucial product feature. Customers increasingly seek to understand the quality of a product's security features. Consequently, companies proactively share high-level information about security practices across their marketing websites, blogs, and other channels, aligning with the growing trend of self-serve content and resources for informed buyers.

This evolution has led to the emergence of Security Pages & Trust Centers—webpages strategically designed to instill trust among customers and prospects while providing insight into InfoSec credentials. After meticulously reviewing hundreds of such pages, we are excited to share a selection of our favorite Trust Centers to inspire you to create your own.

DIY Trust Center Highlights

Figma

Figma leads our list with an impressive array of links in their website footer, covering Security, Privacy, and a Status Page. These pages are meticulously categorized, offering visitors valuable insights into the company's security program. Notably, they provide clear documentation of their privacy policy and data deletion request process, making these resources easily accessible.

Centralizing security program details serves internal and external teams by providing a single source of truth for all security-related information. Security-conscious buyers can efficiently access the information they need, saving time for your team and prospective customers.

With some additional technical enhancements by Figma's security team, these pages have the potential to evolve from a marketing-driven security overview into a robust security resource.

Fastly

Fastly stands out as a clear contender for leadership in security. They excel in accessibility, providing detailed information, and strategically positioning their security program throughout their marketing website. The Fastly team thoughtfully presents the intricacies of their security program within a Trust link in the website's footer. This section includes specific insights into Security and Compliance, Privacy, Legal Terms, and Corporate Values at Fastly. Notably, they also feature blog posts dedicated exclusively to security topics.

While Fastly's security information is comprehensive, it can sometimes feel like navigating a maze. Some key elements are missing, such as a clear method for contacting Fastly regarding their security program, robust Frequently Asked Questions (FAQs), and a secure platform for hosting and sharing more detailed resources. Incorporating these elements could further reduce barriers for prospective clients seeking in-depth security information.

Calendly

Calendly makes our list with a prominently displayed link to their Security & Privacy page in the website footer. This page details their security achievements, including SOC 2 Type 2, PCI, GDPR, and CCPA Compliance. Calendly's page provides easy access to crucial security resources, such as a Security White Paper, Privacy White Paper, Privacy Policy, and a link to report a security issue.

The page's structured and accessible layout is what earned it a place on our list. The content is clearly documented and technically sound, offering a high-level understanding of Calendly's policies. While adding a more dynamic page with searchable content and an FAQ would be beneficial, Calendly's effort is commendable.

OwnBackup

OwnBackup offers a well-documented resource for understanding their security posture, with links to Trust, Vulnerability Disclosure Policy, Service Level Agreement, and Privacy Policy clearly accessible in their site footer. By prominently featuring the system status, recent news, and vulnerability notifications at the top of its Trust page, OwnBackup underscores its commitment to transparency throughout the customer journey.

The only question left unanswered on OwnBackup's site is how to request a security review to gain InfoSec team approval before using their product. Nonetheless, OwnBackup provides a clear and transparent resource for understanding their security practices.

Databricks

As a data services company, Databricks impressively incorporates Trust communication on every page of its website. Their Security & Trust Center is prominently linked in the product navigation menu. The publicly available information they provide is abundant, detailed, well-organized, and interactive, striking a balance between marketing language and detailed security information.

We were particularly impressed by their due diligence package, security addendum, and platform architecture documentation, all of which demonstrate a profound commitment to security. As Vanta's solution expands, we look to benchmarks like Databricks to ensure we continually meet the Trust Center management needs of even the most cutting-edge companies.

Why you need a Vanta Trust Center

While providing security information on your marketing website is a commendable first step toward building trust, DIY trust pages often fall short in several key areas related to security postures.

Lacking a robust security overview

Without specific details such as links to incident response plans, penetration testing reports, system availability controls, and sub-processor information, you may not provide customers and prospects with a comprehensive view. Highlighting your security program can pique interest but may not expedite security reviews.

Absence of a centralized, searchable location

Marketing websites are primarily designed to market products to potential customers. Spreading security information and terminology throughout the site may boost prospect trust, but it fails to offer a single point of reference for anyone seeking information about your security posture or answers to their questions.

Your internal teams and prospective customers often search for answers regarding your security posture. Without a centralized location, it can be challenging for these parties to access and search for security information efficiently.

Failing to satisfy security reviews

Despite the rise of marketing pages dedicated to security, they often prove insufficient for instilling technical teams' confidence in your product's security. Many organizations still need to conduct security reviews, and marketing websites alone do not expedite this process.

Static pages that do not integrate with workflows

Most DIY security pages do not facilitate self-service requests or automate processes such as questionnaire completion or security review management. They provide static overviews of company security postures but do not deeply integrate into sales cycles or workflows.

Access review stage: content / functionality
Across all stages
  • Easily create and save a new access review at a point in time
  • View detailed audit evidence of historical access reviews
Setup access review procedures
  • Define a global access review procedure that stakeholders can follow, ensuring consistency and mitigation of human error in reviews
  • Set your access review frequency (monthly, quarterly, etc.) and working period/deadlines
Consolidate account access data from systems
  • Integrate systems using dozens of pre-built integrations, or “connectors”. System account and HRIS data is pulled into Vanta.
  • Upcoming integrations include Zoom and Intercom (account access), and Personio (HRIS)
  • Upload access files from non-integrated systems
  • View and select systems in-scope for the review
Review, approve, and deny user access
  • Select the appropriate systems reviewer and due date
  • Get automatic notifications and reminders to systems reviewer of deadlines
  • Automatic flagging of “risky” employee accounts that have been terminated or switched departments
  • Intuitive interface to see all accounts with access, account accept/deny buttons, and notes section
  • Track progress of individual systems access reviews and see accounts that need to be removed or have access modified
  • Bulk sort, filter, and alter accounts based on account roles and employee title
Assign remediation tasks to system owners
  • Built-in remediation workflow for reviewers to request access changes and for admin to view and manage requests
  • Optional task tracker integration to create tickets for any access changes and provide visibility to the status of tickets and remediation
Verify changes to access
  • Focused view of accounts flagged for access changes for easy tracking and management
  • Automated evidence of remediation completion displayed for integrated systems
  • Manual evidence of remediation can be uploaded for non-integrated systems
Report and re-evaluate results
  • Auditor can log into Vanta to see history of all completed access reviews
  • Internals can see status of reviews in progress and also historical review detail