The vendor points to their 'trust center', what should I check there?
A trust center is usually a marketing page with a few useful documents tucked behind it. What matters: current certificates, sub-processor list, security whitepaper, and a changelog of security events. None of those four? Ask directly.
Try this first
- 1Open the trust page and look for SOC 2 or ISO 27001 reports with date, older than 12 months ask for the fresh one.
- 2Find the sub-processor list and judge whether it looks current, an empty or year-old list is a signal.
- 3Check whether there is a status page with incidents, transparency about outages says something about operational culture.
- 4Skim the security whitepaper: encryption at rest, key management, customer segregation, MFA for admins, audit logs.
When to bring us in
If you doubt a vendor claim, we can review the trust page soberly and help phrase deeper questions.
See also
- New hire has an account but cannot reach Outlook or TeamsAn M365 account without a license is an empty shell. Assigning takes a few clicks, but picking the right plan pays off long-term.
- Employee left, but their email must be retainedPulling the license straight away starts a 30-day timer on the mailbox. The right route keeps access to the mail without paying for the license.
- We pay for licenses nobody usesBetween leavers, duplicate plans, and test accounts there is often 10-20% wasted license spend. A usage report exposes it fast.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.