Content on your Trust page may be confidential or require an NDA for access. You can select which content is Private or Public so you do not risk sharing sensitive information.
BEFORE DIVING IN
Files set as “Public” will allow anyone viewing your Trust page to download and view those files.
If you have an NDA uploaded in your “Settings” of your Trust Center, all files uploaded to your Trust Center will be set to “Private” by default but can be changed to “Public”.
Request access to private contents
For private content such as private compliance, reports, or policies, viewers of your Trust page can submit an access request.
Navigate to your Trust page,
In the compliance, security reports, or policies sections, private content will have a lock icon
Select the lock icon to request access.
A modal with the option to select any private file hosted on your Trust Center page is displayed. Search and select the files you want access to.
After clicking continue, they will be presented with a form.
Documents: Displays the list of selected files from the previous modal. A file can be removed by selecting the X icon.
Enter the rest of the fields.
If they have not been approved for a request within the last year, they will be required to view the NDA you uploaded to your Page Settings in your Trust Center.
You also have the option to not require visitors to agree to an NDA to access documents set to private.
The requestor must check the box acknowledging they have read and accepted the terms outlined in your NDA. If the box is not checked, the request cannot be submitted.
Once a request is submitted, you will receive the request through email.
Manage access request to private contents
Note for managing requests:
Approvals will last full year by default, starting from the approval date. This means if that requestor submits another request on your Trust Center, they will not need to check the box for an NDA. They will be automatically approved and receive the selected files. After one year, that requestor has to re-submit a request and get approved.
When you upload a new NDA, it will only apply to future requests. All past and pending requests will have the previous NDA you uploaded.
If you remove a file from your Trust Center or from Drata, any download link with that file will expire.
Once a request is submitted, you will be emailed the request. The email that receives the request is the one you entered on your Trust Center settings page within the Document access management section under Access request approver email field.
Search for and open the Trust Center access request email.
Select the View Request button. You can also paste the provided link into your browser.
You will be redirected to Drata's Trust Center page. Here, you can view all of your pending access request. There are multiple ways to approve or deny a request which is indicated in the next steps.
Approve or deny a request by selecting the check or x under the Actions column.
If you would like more information before approving or denying a request, select the row to view more information about that request. Then, you can deny or grant access.
If you would like to filter your request, select Manage Access.
Access requests tab: Search for a specific request, filter by source or status, or view the all of your requests to approve or deny them. You can also select the request for more information.
Approved domains tab: Add email domains so that they do not need to sign an NDA to access your security page documents.
Approved email addresses tab: Add email addresses so they don't need to sign an NDA to access your security page documents.
Denying a request
You can deny a request at any time. The requestor will receive an email saying they have been denied access.
Approving a request
The requestor will receive this email with a link to download their requested documents.
The Trust Center Admin email will also receive confirmation that a request was approved.