Drata integrates with SafeBase to surface vendor Trust Centers directly in your vendor profiles and security reviews. When a vendor has a SafeBase Trust Center, you can view their public security posture, request access to private documents, and let the TPRM Agent use Trust Center content to complete assessments — all without leaving Drata.
Add a Trust Center URL to a vendor
You can add a vendor's SafeBase Trust Center URL when adding a new vendor or by editing an existing vendor's details.
Search for a vendor by Trust Center
When adding a vendor, the Vendor name field doubles as a Trust Center search. Type at least three characters to trigger the search, which returns up to seven matching vendors at a time. Selecting a result automatically populates the vendor name and Trust Center URL.
Each result card shows:
Vendor logo – A circular icon on the left side of the card.
Vendor | Product name – The primary line, displayed as Vendor | Product (for example, Drata | SafeBase).
Website URL – The vendor’s website displayed below the name as a secondary line (for example, https://drata.com). Use this to confirm you are selecting the correct vendor before adding.
Vendor name format – Search results use the format Vendor | Product (for example, Drata | SafeBase). Each product on a Trust Center appears as a distinct vendor in the search results. Vendors added this way can be safely renamed after they are added.
Trust Center URL – When a product is selected from search, its Trust Center URL is auto-populated and includes a product-specific suffix (for example, /?product=Safebase). This links the vendor directly to that product’s Trust Center view.
Opt-out – Some vendors may not appear in search results if they have chosen to opt out of being discoverable within Drata TPRM.
Adding a vendor manually – If the vendor you want is not in the search results, simply continue typing the vendor name to add it manually. You can then enter the Trust Center URL directly in the Trust Center URL field.
Add a new vendor
Go to Vendors → Current and select Add vendor.
In Step 1: Vendor details, enter the vendor's Trust Center URL in the Trust Center URL field.
Complete the remaining steps and save.
For an existing vendor
Open the vendor's profile.
In the Vendor details section of the Overview tab, select Edit.
Enter or update the Trust Center URL and save.
Accepted URL formats
Drata recognizes the following formats when matching a Trust Center URL:
trust.example.com
💡 Drata normalizes these variations automatically, so any of the formats above will match the same Trust Center. |
Once a Trust Center URL is saved, a SafeBase icon appears next to the vendor name in both the Current Vendors and Prospective Vendors tables. Clicking the icon takes you directly to the vendor’s Trust Center URL.
View a vendor's Trust Center
Once a Trust Center URL is saved, a Trust Center tab appears on the vendor's profile. This tab embeds the vendor's SafeBase Trust Center directly in Drata.
Public information
By default, the Trust Center tab shows the vendor's publicly available security posture, which can include:
Compliance certifications (for example, SOC 2, ISO 27001, HIPAA)
Security policies and documentation
Subprocessor lists
Risk profile details (data access level, hosting, recovery objectives, and more)
Security grades
A banner at the top of the tab confirms: "You are viewing public information that [vendor] has made available to everyone."
Request access to private documents
If the vendor shares additional documentation with reviewers, a Request access button appears alongside the public information banner. Clicking it opens the SafeBase-powered access request flow, where you provide your name, work email, company name, and agree to the vendor's Trust Center terms.
All access controls, NDA requirements, and approvals are enforced by SafeBase — the same requirements that apply when accessing the Trust Center directly via its URL.
⚠️ Some vendors may choose to limit or restrict their Trust Center's visibility within Drata TPRM. Depending on the vendor's settings, you may see public content only with no option to request private documents, or you may not be able to view the Trust Center at all. If you need access and cannot request it through Drata, contact the vendor directly. |
Trust Center content in security reviews
When you start a security review for a vendor with a Trust Center URL, the TPRM Agent can use Trust Center documents — certifications, policies, reports — alongside questionnaire responses to complete the assessment.
Inside the review, you can also browse Trust Center content directly to inform your evaluation and add specific documents to include in your review record.
💡 For the TPRM Agent to analyze private Trust Center documents, access must be granted through the Request access flow before the review begins. |