Trust center launch checklist
You can stand up a credible trust center in under a week. This checklist walks through the documents to gather, the sections to publish, the NDA flow to configure and how to share it once it goes live.
Day 1 — Gather your documents
Pull every security and compliance artefact you already have into one folder. Most teams find more than they expect.
- SOC 2 Type 2 report (and Type 1 + bridge letter if relevant)
- ISO 27001 certificate or other certifications
- DPA / GDPR addendum
- Subprocessor list with locations
- Pen test summary or full report
- Information security policy
- Business continuity / disaster recovery plan
- Cyber insurance certificate
- Responsible disclosure policy
Day 2 — Decide visibility per document
Each document should be public, NDA-required, or internal-only. Default sensitive material (SOC 2 report, pen test report, financials) to NDA-required.
Day 3 — Set up your sections
Organize the trust page into sections buyers expect: Certifications, Policies, Subprocessors, Pen Tests, Practices. Add a short paragraph per section so buyers can self-serve answers.
Day 4 — Configure your NDA workflow
Use the built-in NDA template, upload your own, or wire up DocuSign / SignNow on a paid tier. Decide whether requests auto-approve on signature or wait for manual review.
Day 5 — Brand and publish
Add your logo, primary color and footer. On Pro and Business plans, set up a custom domain (e.g. trust.yourcompany.com). Publish.
Quick checklist
- SOC 2 uploaded and NDA-gated
- Subprocessor list section published
- NDA template configured
- Branding (logo + color) applied
- Custom domain configured (if Pro/Business)
- URL added to sales email template
- URL added to contract pack
- Internal team trained on NDA approval flow