TrustCenter — Customer-Facing Compliance Page
The public trust page that sales hands to every enterprise prospect. 8 certifications (SOC 2 Type II, ISO 27001, HIPAA, PCI DSS L1, CCPA, GDPR, NIST CSF 2.0, CSA CAIQ), 8 sub-processors with current attestation status, 4-incident timeline, 8 pre-answered SIG questionnaire items.
What it is
The shape behind every customer-facing trust page (Stripe Trust, Vanta Trust, Drata Trust). The artifact prospects look at before they answer “yes” to procurement. One screen, no auth wall — current attestation status for every certification, every sub-processor, every recent incident.
What’s in it
- 8 certifications — SOC 2 Type II (current report dated within 12 months), ISO/IEC 27001:2022, HIPAA BAA, PCI DSS v4.0 Level 1, CCPA, GDPR (Art 5 + Art 32 evidence), NIST CSF 2.0, CSA CAIQ v4.0. Each has report date, scope, and download path.
- 8 sub-processors — AWS, Stripe, Snowflake, Auth0, Datadog, SendGrid, Sentry, Cloudflare. Each row carries: data categories shared, region(s) of processing, certifications held, DPA signed date, last-reviewed date.
- 4-incident timeline — public-by-default disclosure history with severity, scope, RCA, and remediation. Shows the program is willing to publish failures, not just successes.
- 8 SIG questionnaire pre-fill answers — the most-asked questions (data retention, encryption in transit, encryption at rest, MFA, backup cadence, breach-notification SLA, vendor risk, BC/DR). Sales pastes these into every prospect questionnaire.
- Status indicator — pulsing dot at the top reading “all systems operational”, kept in sync with the actual status board rather than hard-coded.
Why this shape
SOC 2 Common Criteria CC2.3 (communicating policies and commitments externally) is satisfied by this kind of page. ISO 27001 Annex A.5.20 (information security in supplier relationships) requires the sub-processor list. The downside of NOT shipping this: prospects ask Sales for the SOC 2 report, Sales asks the security team, security asks Compliance, two weeks pass, the deal slips. A public trust page collapses that into a self-serve URL.
How it ships
Single HTML file, ~15KB. Zero dependencies. 8 cert cards + 8 sub-processor rows + timeline + 8 SIG answers in 220 lines of vanilla HTML/CSS/JS.
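The page states that every certification shows a current report (SOC 2 dated within 12 months), every sub-processor row carries a DPA date and a last-reviewed date, and the status dot tracks the real status board. The check a reviewer wants before such a page is published is that those claims are actually true of the data behind it. The following is an added example, not code from the TrustCenter page itself: a small currency check over the same record shapes the page describes. All records, dates, regions and the status-board payload are constructed sample values, and the function names (`certStatus`, `subProcessorIssues`, `overallStatus`, `publishGate`) are assumptions for illustration.

```javascript
// Added example, not the trust page's own code. Sample data below is constructed.
const MS_PER_DAY = 24 * 60 * 60 * 1000;
const GRACE_DAYS = 30; // flag "expiring" this many days before the report ages out

// Cert cards: report date, scope, and the maximum age a report may have
// before the card must stop saying "current". Dates are placeholders.
const certifications = [
  { name: "SOC 2 Type II",        reportDate: "2024-09-01", maxAgeDays: 365, scope: "Production platform" },
  { name: "ISO/IEC 27001:2022",   reportDate: "2022-06-15", maxAgeDays: 365, scope: "ISMS" },
  { name: "PCI DSS v4.0 Level 1", reportDate: "2024-11-20", maxAgeDays: 365, scope: "Cardholder data environment" },
  { name: "CSA CAIQ v4.0",        reportDate: "2024-02-01", maxAgeDays: 365, scope: "SaaS platform" },
];

// Sub-processor rows: DPA signed date and last vendor review. Constructed values.
const subProcessors = [
  { name: "AWS",      dpaSignedDate: "2023-01-10", lastReviewedDate: "2024-10-01", regions: ["us-east-1"] },
  { name: "SendGrid", dpaSignedDate: null,         lastReviewedDate: "2023-02-01", regions: ["us"] },
];

// A status-board payload in the generic shape of a components feed (constructed).
const statusBoard = {
  components: [
    { name: "API",       status: "operational" },
    { name: "Dashboard", status: "degraded" },
  ],
};

// Whole days elapsed from an ISO date (UTC) to `now` (epoch ms).
function daysSince(isoDate, now) {
  return Math.floor((now - Date.parse(isoDate)) / MS_PER_DAY);
}

// "current" | "expiring" | "stale" for one certification card.
function certStatus(cert, now = Date.now()) {
  const age = daysSince(cert.reportDate, now);
  if (age > cert.maxAgeDays) return "stale";
  if (age > cert.maxAgeDays - GRACE_DAYS) return "expiring";
  return "current";
}

// Issues that would make a sub-processor row misleading if published as-is.
function subProcessorIssues(sp, now = Date.now(), reviewWindowDays = 365) {
  const issues = [];
  if (!sp.dpaSignedDate) issues.push("no DPA on file");
  if (daysSince(sp.lastReviewedDate, now) > reviewWindowDays) issues.push("review overdue");
  return issues;
}

// The status dot is derived from the board, never from a literal in the page.
function overallStatus(board) {
  const allUp = board.components.every((c) => c.status === "operational");
  return allUp ? "operational" : "degraded";
}

// Publish gate: list every reason the page would overstate its posture.
function publishGate(certs, sps, board, now = Date.now()) {
  const blockers = [];
  for (const c of certs) {
    if (certStatus(c, now) === "stale") blockers.push(`${c.name}: report older than ${c.maxAgeDays} days`);
  }
  for (const sp of sps) {
    for (const issue of subProcessorIssues(sp, now)) blockers.push(`${sp.name}: ${issue}`);
  }
  return { ok: blockers.length === 0, status: overallStatus(board), blockers };
}

// Stand-alone run with a fixed clock so the output is reproducible.
const NOW = Date.parse("2025-01-15T00:00:00Z");
console.log(JSON.stringify(publishGate(certifications, subProcessors, statusBoard, NOW), null, 2));
```

Run it with `node` and the gate reports the stale ISO 27001 report, the SendGrid row with no DPA and an overdue review, and a degraded status derived from the board; wiring `publishGate` into the build step that emits the single HTML file is the natural place for it, so a card never renders as "current" against an attestation that has aged out.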