Overview
The following help article was created to essentially be a quick and dirty overview of what the SafeBase platform is, how to manage it, and how to use it.
There are many links contained within that dive deeper to expand ones knowledge, here, we cover the main concepts that will help organizations understand how to use SafeBase.
What is a SafeBase ?
What does it mean to be "Powered By Safebase?"
Often imitated, but never duplicated, from Okta and Crowdstrike, to Wiz and OpenAI, SafeBase's customers use the SafeBase platform and its Trust Center, as a branded, public facing interface that enables customers to access information in a secure manner.
Be it during the buying process, an annual security review, or simply a user is curious about product information, the SafeBase is purpose built to easily manage, and its Trust Center is used to provide a streamlined, friction-free way for users to get in, review content, and get out.
Customer Facing vs Backend
The SafeBase platform is separated into two main components:
The Customer Facing Trust Center - This is public. Users navigate to an organizations Custom URL, and request access.
Backend Management Site - This is only available to organization members, this is where SafeBase is configured, managed, and maintained.
Content
Content is the meat and potatoes of the SafeBase platform. It is managed via SafeBase's Trust Center editor, and Document Library.
When thinking about Content, the most basic concept is: "What information does a user need when visiting the Trust Center".
SafeBase works off a structure of Cards & Items
Cards are Categories: e.g. Compliance, Reports, Policies, Infrastructure..
Items fall within Cards: SOC2, ISO27001, Pentest Report, Subprocessors...
Each item within each card can be named, given a description, linked to a specific document etc.
The goal is that a user will navigate to the Trust Center, gain access, and find the item that they need.
Important Note: Every card and item does not need to be populated. Pertinent info applicable to an organization, even a baseline level of content is great!
Populating the Knowledge Base (FAQ)
Question, Answer, Comment. That is the name of the game.
Have a huge collection of previously answered Security Questionnaires hiding somewhere in a Google drive or Sharepoint folder? Upload those to the KB, it is the best place for them.
The Knowledge Base (FAQ) aptly shortened to "The KB" is a searchable library built into SafeBase. It provides the source of truth for the Trust Library search function, and is the main source of truth for SafeBase's AI Questionnaire Answering Service.
Important Note: Garbage in - Garbage Out is highly applicable here. The KB should be a highly manicured repository, put your best foot forward when adding information to it.
Accounts
In an attempt to simplify something that is decently complex, we are going to bullet this one out.
Accounts are Companies that access the Trust Center.
Users from companies request access, access is approved (or denied), and the Account is managed in SafeBase.
Accounts are based off the domain of the email of the user requesting access.
One Company = One Account.
Subsequent requests from the same domain, will be added to the same account.
SafeBase pricing plans are based off of accounts, but there is no limit
Still with us? Here is an example:
(Warning: Jerry's name will be mentioned 9 times here)
Jerry, from Animated Show LLC, goes to trust.safebase.io and requests access.
Jerry's request is approved by the organization account manager.
An account is created called Animated Show LLC @ animatedshow.com
Jerry receives an email notification that his request was approved.
Said email notification contains a magic link which Jerry clicks on.
The magic link takes Jerry back to the Trust Center and makes him sign an NDA
Once the NDA is signed, Jerry is able to review the Trust Center
Jerry is unsure exactly what he needs to complete the review, and needs a second set of eyes from his boss Tom.
Tom, looking to help Jerry out, navigates to trust.safebase.io
Tom requests access using his tom@animatedshow.com email
Because it is the same domain, Tom is automatically added to the Animated Show LLC account
Additionally, because Jerry already signed the NDA for Animated Show LLC, Tom does not need to sign an NDA.
Important Note: While there are nuances and additional capabilities of this workflow, this is Account Request flow in a nutshell.
Going Live
Okay. The content is added, cards and items are populated the best they can be, the KB has a bunch of info added to it, marketing has signed off on branding, and the admins have a pretty good grasp on how to fundamentally use SafeBase.
What is next? Good news is, this is the easy part.
"Going Live" means that a Trust Center is officially, publicly available on the internet.
This is completely self serve, and explained in this help article.
Once live, customers, prospects, and the occasional lurker, will navigate to an appropriately named URL, click "Get Access", and we are off to the races.
The SafeBase team has developed a great Rollout Toolkit to advertise, publicize, and merchandise the Trust Center.
Make A Trust Center Update
Hold up, don't stop reading.
Last but not least, SafeBase's built in mass notification feature, a.k.a "Trust Center Updates", a.k.a "TCUs", is an incredibly useful way to broadcast information from the Trust Center.
Tell the world that a company's new Trust Center is up and running? Yes.
Let everyone know that an organization was not affected by the latest data breach? This is how to do it.
Need to make sure all accounts get a notification about a fancy new Subprocessor? A Trust Center Update is the way to go.
Trust Center updates can be sent to folks that subscribe to a Trust Center, or can be sent out via importing a list of emails. (Hoping that those who receive one, will also subscribe). Learn more about TCUs here.