BastionSec

Your Trust Center: where you answer security questions before they're asked.

A public page that shows your compliance status, your policies and handles requests for confidential documents under NDA. We set it up and keep it current, so your sales team stops chasing security questionnaires.

  • Always-current compliance status with honest labels (operational / in progress).
  • Public policies and confidential documents released via NDA-gated requests.
  • Clear model: initial setup + ongoing maintenance.
This page describes the service through which we build your Trust Center. Want to see one live? Our own Trust Center is public and shows how we apply the same approach to ourselves.

Who the Trust Center is for

Quick self-qualification: do you recognise yourself in one of these?

B2B SaaS selling to enterprise

Every deal brings a security questionnaire. A Trust Center answers ahead of time and unblocks deals faster.

Newly certified company

You earned ISO 27001 or SOC 2 and want to show it credibly, without emailing PDFs on every request.

Anyone getting many document requests

Clients and prospects ask for policies, reports and certificates. One governed place saves time and awkwardness.

What a Trust Center is

A Trust Center is a public page where your company transparently shows how it handles security: the status of certifications, the available policies, the sub-processors, and an orderly way to request confidential documents.

For buyers it's a signal of maturity; for you it's the place to funnel security questions, instead of answering from scratch each time. It becomes your calling card to clients, investors and auditors.

What the service includes

We build it and maintain it. You approve what to show and what to keep confidential.

Compliance status

Your page shows the status of certifications and controls with honest labels: operational, in progress. No inflated badges.

Published policies

We pick which policies to make public (e.g. security policy, privacy) and publish them in an orderly way.

NDA-gated requests

Confidential documents (pentest reports, SoA, details) are requested from the Trust Center and released under NDA.

Sub-processors and regions

A transparent list of sub-processors and data-processing regions, useful in due diligence.

Continuous updates

We keep it aligned with certifications, policies and sub-processors as they change, with a last-updated date.

Consistent with your brand

Layout and copy consistent with your site, so the Trust Center feels like part of you, not an external widget.

How it works

A staged method. We define what's public and what's confidential together; you have the final say on every piece of content.

  1. Content inventory
     We gather certifications, policies, sub-processors and documents.

  2. Public vs confidential
     We decide what to show and what to release only under NDA.

  3. Trust Center setup
     We build the page with status, policies and document requests.

  4. Publication
     It goes live, consistent with your brand and linked from your site.

  5. Maintenance
     We update status, policies and documents over time.

Honesty as a principle: the Trust Center shows only what's real. No certifications you haven't earned, no badges you don't hold, no inflated reviews or numbers. 'In progress' labels stay 'in progress' until genuinely achieved.

Model and pricing

Two components: an initial setup (from a starting price, pinned down after a first conversation and based on the content) and ongoing maintenance on a subscription, which keeps status, policies and documents current.

It works especially well alongside a certification path: as you earn ISO 27001 or SOC 2, the Trust Center reflects it. See the pricing page for the ranges.

Frequently asked

Is this your Trust Center or mine?

Yours. This page describes the service through which we set up and run your company's Trust Center. Our own, separate Trust Center is public and shows how we apply the same approach to ourselves.

Do I need a certification to have a Trust Center?

No. A Trust Center can show controls and policies even without a formal certification, with honest labels on status. It gets stronger when you earn ISO 27001 or SOC 2, and we update it accordingly.

What does 'NDA-gated documents' mean?

Some documents (for example a pentest report or the Statement of Applicability) are confidential: the Trust Center lets people request them, and we release them after a non-disclosure agreement (NDA) is signed.

Who updates the Trust Center?

We do, as part of maintenance: new certifications, revised policies, sub-processor changes. You approve the content; a last-updated date is always shown.

Can I publish only the status and keep the rest confidential?

Yes. You decide what's public (e.g. certification status and some policies) and what stays behind an NDA. That separation is part of the setup.

Does it integrate with my website?

Yes. We make it consistent with your brand and linked from your site, so it appears as a natural part of your presence, not a disconnected external service.

Go deeper

Our Trust Center

See it live: compliance status, policies and document requests applied to ourselves. It's the model.

ISO 27001

The certification the Trust Center showcases. The full path, from ISMS to audit.

Continuous security

The retainer that keeps certifications, evidence and the Trust Center alive over time.

Stop chasing security questionnaires.

Tell us what you need: we'll see what you can show today and set up your Trust Center, honestly.