Build Trust and Close Deals Faster with Secfix Trust Center

The Secfix Trust Center allows you to publicly or privately showcase your company’s ongoing security and compliance practices. It provides real-time updates on your control monitoring and enables you to share certifications, attestations, and compliance standards such as ISO 27001, TISAX, SOC 2, and GDPR.

Yes, we understand that as your organization grows or undergoes changes, you might encounter control failures. Per default we hide the pass/fail status of specific controls, you just need to select the controls you want to show. To help you with that, you can use automation to pre-select the controls for you.

If you want to be more specific, we recommend also to adjust your final list of controls based on your Statement of Applicability (SOA).

Absolutely. The information available in your Trust Center can help speed up the process of filling out security questionnaires by providing clear visibility into your security posture, potentially reducing the number and complexity of the questionnaires you receive from customers.

In information security (InfoSec), you have a lot of valuable security document that can interest prospects, especially those looking for software in Germany and overall in Europe. Some of this information should be shared privately by request, while other documents can be public.

We suggest limiting access to the following documents:

• Policies Frequently Requested by Customers. Typically, we recommend to add following policies: List of documents
• Restricted InfoSec and Privacy Certifications and Reports: Examples include the SOC 2 report, which contains more detailed and potentially sensitive information than public reports
• CAIQ Questionnaire: Link to template‍
• ISO SOA (Statement of Applicability)
• Network Diagrams

These documents are often made public to increase the trust in your marketing:

• Certificates for ISO 27001, ISO 27701, ISO 27017, ISO 27018, ISO 9001
• SOC 3 Report
• UK Cyber Essentials (Plus) certificate
• TISAX ENX participant data

In short, no, typically only a small portion of your vendors would qualify as subprocessors. A vendor becomes a subprocessor if they handle your customers' personal data (PII) as part of the services they provide to you.

Typical examples of subprocessors for B2B SaaS companies:

• Cloud infrastructure providers: AWS, GCP, Azure Cloud, etc.
• Email service providers: Google Workspace, Microsoft 365, etc.
• User authentication services: Firebase, Auth0, etc.
• Customer Relationship Management (CRM) systems: Hubspot, Salesforce, Attio, etc.
• Support ticketing systems: Jira Service Management, Zendesk, Intercom, etc.
• Customer support chat services: Intercom, Zendesk, Pylon, etc.
• User analytics platforms: Mixpanel, Amplitude, Hotjar, etc.
• App notification services: Twilio, Courier, etc.

If you have questions regarding your subprocessors, we recommend to reach out to your company’s DPO.

You can add a link button: The easiest way is to add a button in the footer of your landing page that links directly to your Trust Center.

You can also embed your Trust Center directly into your landing page on platforms like Webflow, Framer, WordPress, or a custom-coded page.