Safebase user guide
Safebase has been brought on board to facilitate and - most importantly - simplify our client security review journey. The premise of the Security Trust Portal is to have all relevant information security and compliance information in one place, readily available to be shared and presented to the client/prospect, thus cutting the time for reviews and revision of out-of-date info to a minimum.
As we continue to accomplish more and more attestations and certifications it is essential for us to be able to share the evidence of such in a secure and easy manner. This can be done through a simple access request from the user (with an integrated NDA signing workflow) via our Security Trust Portal.
Furthermore, Safebase includes a Knowledge Base which serves as our source-of-truth for all security questions and answers, which can be used internally by our client-facing teams to retrieve accurate information quickly.
Please watch the full training video for a comprehensive overview of Safebase’s functionality.
More helpful information and guides can also be found here on the Safebase advice and answer page.
Information on login to Safebase can be found here.
CE and Security team members can request elevate access to edit information on the Portal and onboard client accounts. Please reach out to the Security team slack channel #security for this request.
Following features of the platform and the security review workflow will be supported by the respective teams:
- Access request approval (via slack #safebase)
- Security question updates and periodic reviews of Knowledge Base in Safebase (on a quarterly basis)
- Proactive onboarding and attestation sharing with clients (sending out an invite to clients to view our new SOC 2 report)
- User permission (elevated access)
- Information upkeep and maintenance for Security Trust Portal; update information on the Portal front page
- Security answer updated and periodic review of Knowledge base in Safebase (on a quarterly basis)
- Trust Centre updates to subscribers (news on new reports, etc.)
Crash course on fequently used features
Accepting access requests
When a client/prospect requests full access via our Trust Portal, they will be prompted to enter their Company, Full Name and Email Address when signing up.
Once they submit their request the following message will pop up in the #safebase slack channel.
After the “Approve” button has been clicked you can add additional information to the account and prompt an NDA workflow through DocuSign (correct NDA template is already configured) for those customers that do not already have an NDA signed with us else choose ” Signed outside of Safebase” if an NDA already exists.
The requester will receive an email in their Inbox with the NDA to be signed. And once the NDA is signed or if one is already in place they will receive a confirmation email that they have been granted full access to the Security Trust Portal and all the document downloads.
The approver can visit the the “Accounts” tab in Safebase to see what the status for the requester account and the NDA signature status.
Any document downloads will also generate a notification into the #safebase slack channel.
More resources: https://help.safebase.io/en/articles/6173881-how-customers-gain-private-security-portal-access-from-your-public-link
Using the Knowledge Base
The Knowledge Base includes information from the Security Trust Portal as well as any questionnaires that we upload. The Trust Portal information in the Knowledge Base will be automatically updated as we update the Portal information, however, the questionnaire data needs to be reviewed and updated on a regular basis (see responsibilities section above).
You can search the Knowledge Base tab for any keywords and quickly get relevant questions and answer to your search.
The “Import” functionality allows for bulk upload via a csv or xlsx file with new questions & answers. Answers and questions can also be edited one by one.
More useful resources: https://help.safebase.io/en/articles/6117207-knowledge-base-overview
For any questions please contact the security team (Dora) via their slack channel #security or the CE team (Max Wiederholt) via their slack channel #CE.