Trust Center
Win deals faster with proactive security transparency.
Branded compliance portal that lets prospects and customers self-serve your security posture. Share ISO 27001 certificates, SOC 2 reports, DPAs, and compliance assertions without back-and-forth email. NDA-gated document access, request tracking, and analytics.
What you get
Branded Portal with Custom Domain
Deploy a fully branded trust center on your own domain (e.g., trust.yourcompany.eu) with your logo, colours, and messaging. The portal presents a professional, always-current view of your security and compliance posture to anyone you share the link with.
NDA-Gated Document Sharing
Sensitive documents like SOC 2 Type II reports and penetration test summaries are gated behind digital NDA acceptance. Visitors sign the NDA electronically before accessing restricted content. All NDA acceptances are logged with identity, timestamp, and IP address for legal records.
Compliance Assertion Management
Publish structured compliance assertions — statements about your security posture backed by evidence — that update automatically as your compliance status changes. Assertions cover framework certifications, data residency commitments, encryption standards, and incident response capabilities.
Request Tracking and Analytics
Track who visits your trust center, which documents they access, and what additional information they request. Analytics reveal which compliance topics matter most to your prospects, helping you prioritise security investments that directly accelerate sales cycles.
Questionnaire Response Sharing
Pre-populate security questionnaire responses from your compliance knowledge base and share them via the trust center. Prospects download completed SIG, CAIQ, or custom questionnaires instantly instead of waiting weeks for manual responses.
Real-Time Compliance Status
Compliance status indicators update in real time from your FortisEU compliance data. When your ISO 27001 certificate renews or a new SOC 2 report is issued, the trust center reflects the update immediately without manual intervention.
How it works
Configure Portal
Set up your branded trust center with custom domain, logo, and colour scheme. Define the page structure, choose which compliance categories to display, and configure the public vs. NDA-gated content tiers.
Upload Artifacts
Upload compliance artefacts including certificates, audit reports, policies, DPAs, and completed questionnaires. Tag each artefact with its compliance category and set access level (public, NDA-gated, or request-only).
Set Access Rules
Configure who can access what. Public assertions are visible to anyone, NDA-gated documents require digital signature, and sensitive items require explicit approval. Domain-based access rules can pre-approve visitors from known customer domains.
Share Link
Share your trust center URL with prospects, customers, and partners. Embed it in your website, include it in RFP responses, and add it to sales collateral. Analytics track engagement from the moment the link is shared.
Built for your team
Procurement Acceleration
A sales representative includes the trust center link in every proposal. Prospect security teams self-serve ISO 27001 certificates, SOC 2 reports, and pre-completed SIG questionnaires without scheduling a call. This reduces the security review phase from 3-6 weeks to 3-5 days, directly shortening sales cycles and improving win rates.
Proactive Security Transparency
The CISO publishes the organisation's security posture proactively rather than reactively responding to individual requests. Compliance assertions, sub-processor lists, and data residency commitments are always current. When the GDPR Data Protection Impact Assessment is updated, the trust center reflects the change within minutes.
DPA Distribution and NDA Management
The legal team uploads the standard Data Processing Agreement, sub-processor list, and Standard Contractual Clauses to the trust center. Customers access and accept these documents through the NDA-gated portal, with every acceptance logged for GDPR Article 28 processor agreement compliance. This eliminates hundreds of email-based DPA exchanges per year.
Supports your compliance stack
Common questions
Does FortisEU support custom domain configuration?
Yes. You can deploy your trust center on any custom domain (e.g., trust.yourcompany.eu or security.yourcompany.com). FortisEU handles SSL certificate provisioning and DNS configuration. The custom domain presents your branding exclusively — there is no FortisEU co-branding unless you choose to include a 'Powered by FortisEU' badge. CNAME setup typically takes less than 15 minutes.
How does the NDA workflow function?
When a visitor attempts to access NDA-gated content, they are prompted to provide their name, company, email, and digital signature. The NDA text is fully customisable by your legal team. Upon acceptance, the visitor receives immediate access to gated documents, and your team receives a notification with the signed NDA details. All NDA acceptances are stored with timestamps, IP addresses, and digital signatures for legal enforceability. Accepted NDAs can be downloaded as PDF records at any time.
What analytics are available?
The trust center analytics dashboard tracks visitor count, document views, document downloads, NDA acceptance rates, and information requests. You can see which companies are reviewing your security posture, which documents they spend the most time on, and which compliance areas generate the most questions. Analytics data is retained for 24 months. GDPR-compliant analytics do not use third-party tracking cookies — all data is first-party and processed within the EU.
What document types can be shared?
The trust center supports any document format including PDF, Word, Excel, and images. Common documents shared include ISO 27001 certificates, SOC 2 Type I and Type II reports, penetration test executive summaries, Data Processing Agreements, privacy policies, sub-processor lists, Standard Contractual Clauses, business continuity plans, and incident response plan summaries. Pre-completed security questionnaires (SIG, CAIQ, VSAQ) can also be shared as downloadable artefacts.
How often is the trust center content updated?
Compliance assertions and status indicators update in real time from your FortisEU compliance data. When a new certificate is uploaded, a policy is revised, or a compliance score changes, the trust center reflects the update immediately. Document artefacts (PDFs, reports) are updated when you upload new versions — the previous version is archived automatically. FortisEU can notify subscribers when significant updates are published, keeping your customers informed proactively.
Related features
See Trust Center in Action
Create an account and explore the platform, or talk to our team about enterprise deployment.