Answer Once — Supplier Trust Profile

Build one security profile. Share it with every customer who asks.

Suppliers get hammered with a different bespoke security questionnaire from every large client — each asking essentially the same things in a different format. This tool builds one reusable trust pack, mapped to the common questions and aligned to Cyber Essentials and CAF language, that you can share as a link or export as a document. Answer once, share everywhere: it is the single feature SMEs will love most.

Add a shareable trust badge to your website or include it in a tender response — and show customers you take security seriously before they even ask.

How it works

Complete your profile once, then share it in whatever format each customer needs.

01. Complete your profile

Answer questions across the six profile sections. Your answers are mapped to the language used in common customer questionnaires and Cyber Essentials / CAF frameworks.

02. Generate your trust pack

The tool produces a formatted trust pack — a clean, professional document that summarises your security posture in the language your customers expect to see.

03. Share it everywhere

Share via a permanent link, export as a PDF, or embed the trust badge on your website. Update your profile once and all shared links reflect the change immediately.

What your profile covers

The six sections of the trust profile map directly to the areas customers most commonly ask about. Each section produces a clear, verifiable summary of your posture in that area.

Security Governance

Policies, ownership and training

  • Named person responsible for information security
  • Written information security policy in place
  • Staff security awareness training undertaken
  • IT and security policies reviewed in last 12 months

Technical Controls

Access, patching and encryption

  • Multi-factor authentication on all internet-facing services
  • Operating systems and software patched within 14 days
  • Data encrypted in transit and at rest
  • Admin access limited to named individuals with a legitimate need

Third-Party Management

Sub-processors and supplier due diligence

  • Inventory of third parties with access to your systems or data
  • Due diligence process applied before onboarding sub-processors
  • Data processing agreements in place with relevant third parties
  • Third-party access reviewed and revoked when no longer needed

Incident Management

Preparation and notification

  • Written incident response plan in place
  • Process for identifying and classifying security incidents
  • Defined notification obligations (customers, ICO, NCSC)
  • Post-incident review process documented

Data Protection

GDPR and data handling

  • UK GDPR compliance maintained
  • Record of processing activities (ROPA) maintained
  • Data retention and deletion policy in place
  • Privacy notices provided to data subjects

Business Continuity

Resilience and recovery

  • Business continuity plan documented and tested
  • Recovery time and point objectives defined for key systems
  • Data backed up and backup restoration tested
  • Key dependencies and single points of failure identified

Stop answering the same questions twice

Build your trust profile once — free — and share it with every customer who asks.
