This guide walks through configuring your Trust Center, from initial setup through ongoing content management. Your Trust Center is fully customizable to reflect your brand and share exactly the security information you choose.

Initial Setup

1

Navigate to Trust Center settings

Go to Trust Center in the main sidebar, then click Configure or Settings.
2

Enter your company details

Set your company name as it should appear on the Trust Center. This is the name visitors see.
3

Upload your logo

Add your company logo. It appears in the Trust Center header. Recommended size: 200x50px or larger. SVG or PNG with transparency works best.
4

Choose your URL

Your Trust Center is published at a custom slug under the LowerPlane trust center domain (e.g., trust.lowerplane.com/your-company). Choose a slug that matches your brand.
5

Enable sections

Toggle on the sections you want to display. You can enable or disable any section at any time.

Custom Domain

For a fully branded experience, you can configure a custom domain for your Trust Center (e.g., trust.yourcompany.com). This requires:
  1. Adding a CNAME DNS record pointing your subdomain to the LowerPlane trust center service.
  2. Entering the custom domain in Trust Center settings.
  3. Waiting for DNS propagation and SSL certificate provisioning (typically under 30 minutes).
A custom domain reinforces your brand and builds trust with visitors. It also makes the URL easier to include in marketing materials and RFP responses.

Section Configuration

Compliance Status

Toggle this section to show your framework compliance progress. The data is pulled automatically from your LowerPlane compliance dashboard. What is displayed:
  • Frameworks you are pursuing (50+ frameworks available)
  • Current compliance status for each framework (planning, in progress, audit-ready, certified)
  • Certification dates and certificate numbers (if certified)
Compliance scores and detailed control-level data are not exposed on the Trust Center. Visitors see framework-level status only.

Certifications

Upload and manage your certification documents:
  • SOC 2 Type I / Type II reports
  • ISO 27001 certificates
  • PCI-DSS Attestation of Compliance
  • HIPAA compliance letters
  • Other industry-specific certifications
For each certification, you can set:
SettingDescription
VisibilityPublic (anyone can view) or gated (requires access request)
Validity datesStart and end dates for the certification
Download allowedWhether visitors can download the document directly

Security Practices

Add descriptions of your security practices organized by category:
  • Data encryption (at rest and in transit)
  • Access controls and authentication
  • Network security
  • Incident response
  • Business continuity and disaster recovery
  • Employee security training
  • Vulnerability management
  • Physical security
Each practice entry has a title, description, and optional icon.

Policies

Select which policies from your Policy Center to display on the Trust Center:
  • Choose individual policies to make public
  • Set each policy as fully public or gated behind an access request
  • Policy content updates automatically when you publish new versions in the Policy Center
Review policies carefully before making them public. Ensure they do not contain internal implementation details, IP addresses, or other sensitive operational information.

Subprocessors

Manage your list of third-party subprocessors:
FieldDescription
Company nameName of the subprocessor
PurposeWhat the subprocessor does with the data
LocationCountry or region where data is processed
Data categoriesTypes of personal data shared
This section is particularly important for GDPR compliance, as data controllers must disclose their subprocessors.

FAQs

Create question-and-answer pairs that address common security inquiries:
  • “How is data encrypted?”
  • “Where is data stored?”
  • “What happens in case of a security incident?”
  • “Do you perform penetration tests?”
  • “How do you handle data deletion?”
Review security questionnaires you have received in the past. The most frequently asked questions make excellent FAQ entries.

Testimonials and Trusted Clients

  • Testimonials — Add customer quotes about your security program. Include the person’s name, title, and company (with permission).
  • Trusted Clients — Upload logos of notable customers who trust your security practices (with permission).

Updates

Post updates about your security program:
  • New certifications achieved
  • Security improvements implemented
  • Compliance milestones reached
  • Policy updates
Updates display in chronological order and show visitors that your security program is actively maintained.

Access Request Form

When visitors request access to gated documents, they fill out a form that captures:
  • Name and email address
  • Company name
  • Reason for the request
You receive a notification for each access request and can approve or deny it from the Trust Center management page.

Publishing and Previewing

  • Preview — Click Preview at any time to see how your Trust Center looks to visitors without publishing changes.
  • Publish — Click Publish to make your changes live. The Trust Center updates immediately.
  • Unpublish — You can take your Trust Center offline at any time by toggling it to unpublished status.

Analytics

Track how visitors interact with your Trust Center:
  • Page views and unique visitors
  • Most viewed sections
  • Access request volume
  • Document download counts
Share Trust Center analytics with your sales team. High traffic to specific sections can indicate what security concerns are top of mind for your prospects.

Best Practices

  • Keep it current. An outdated Trust Center is worse than no Trust Center. Review content quarterly.
  • Be specific. Vague security claims build less trust than concrete descriptions of your practices.
  • Gate appropriately. Make general information public, but protect detailed reports behind access requests.
  • Link from your website. Add a “Security” or “Trust” link in your website footer that points to your Trust Center.
  • Use it in sales. Train your sales team to share the Trust Center URL proactively during the evaluation process.