Getting Started

Estimated reading: 7 minutes 3043 views

Setting up your program

TrustOps makes it effortless to set up a comprehensive and personalized compliance program. Initially, the setup process will create a SOC 2 program for you. Once the onboarding is complete, you can add additional controls and policies to map to other compliance standards.

Throughout the onboarding process, onboarding assistant “Kira”, will help you with every step.

Video: A step-by-step guide for TrustOps onboarding

Creating your account

The first step to getting started with TrustCloud is to create an account.

A step-by-step guide to creating an account:

To create a new account, answer a few questions so TrustCloud can best support you:

  1. How soon do you want to be SOC 2 compliant?
    1. I will need it in the next 2–3 months.
    2. I need it this year, but I am not in a rush.
    3. I’m exploring, not sure when I’ll need it yet.
      Onboarding 01 1
  2. Tell TrustCloud about you.
    1. Set up login using SSO (it’s best practice to use SSO) with:
      1.  Google
      2. Microsoft
      3. Okta (available for Growth, Scale, and Enterprise plans)
    2. Log-in by entering your email address
  1. Verify Your Email.
    1. TrustCloud sends you an email with a “Verify Email” action before logging in. Once you have verified your email, a new window will prompt you to log in and begin the onboarding process.

TrustOps Onboarding

After you create an account, the next step is to complete your onboarding.

Step-by-step guide to start your onboarding:

  1. Depending on when you want to go for your SOC 2 audit, here is how your SOC 2 week-wise preparation look like:
    1. Click on “Begin Onboarding” button. If you want, you can change your timeline from this page as well.
      Onboarding 02
  2. Help us understand what is your role in your company to provide the best support for you. You can select from the options shown in the screenshot:
    1. Click on the “Proceed” button.Onboarding 03
  3. Tell us if you are interested in any of the other compliance standards apart from SOC 2. You can select for the other standards as shown in the following screenshot.
    1. If your are interested in other standards, select whichever you wish to persue.
    2. Click on the “Proceed” button.
      Onboarding 04
  4. Here is your guide “Kira” to assist your onboarding.
    1. Click on the “Proceed” button.
      Onboarding 05
  5. Onboarding is a 3-step process. Tell us about your company, describe your TechStack and creating your SOC 2 scope.
    The following screenshot shows what you can expect during the onboarding process.
    Onboarding 06
  6. Tell us about your organization
    Answer a few simple questions about your organization’s processes to help us set a baseline for your program and start making progress towards your goals!

Getting Started: 3 – Steps Guide

  1. Step 1: About your organization
    Onboarding 07

    1. Click on “Start Answering” button.
    2. Provide details like Company website, company description, service or product name, description, service or product you provide. Answer a few questions.
    3. Click on the “Your Tech Stack” button.Onboarding 08 Company Profile
  2. Step 2: Describe Your Tech Stack
    Cloud Infrastructure

    1. Select cloud providers you use to store or process your data in the cloud.
    2. Click on “Select Cloud Infrastructure Services” button.
      Onboarding 09 Tech Stack
    3. Select Cloud Services
    4. Click on the “Select Tools” button.
      Onboarding 10 Tech Stack Services Used

      1. Search and select vendors you use from our Catalog and add them to the ‘My Tech Stack’ section by clicking on the service or dragging and dropping. There are a few preselected vendors; you can always remove them. Once you finish adding all the services, click on “I’ve selected my Cloud Services” button.
        TrustOps
      2. If you don’t see your system in our catalog, you can log a catalog request once your onboarding is complete by going to the Systems page and selecting Add Systems. Search for a system name and select the option I don’t see my system here.

3. Step 3: Create your SOC 2 Scope

TrustOps

  1. Identify tools and services that store or process sensitive data. There are few preselected tools; you can always remove them and add more. For more information on this, check out the compliance launchpad section, in which a section for scope definition for each standard is provided.
  2. Click on “Final Onboarding” button.

TrustCloud Onboarding Complete!
Onboarding 13 Complete

  1. Click on “See Your TrustCloud” button to get more information about your program.Onboarding 14 Begin Prep
  2. Click on “Begin my SOC 2 Prep” button.

Your first steps with TrustOps for SOC 2 preparation

In order to ensure you are set up for success, TrustCloud has created a few post-onboarding tasks that maximize the use of TrustCloud. Completing these tasks will strengthen your program, faster!

Step-by-step guide on post-onboarding tasks:

Onboarding 15 My Task

  1. Automate Your Program
    1. In order to unlock automated tests, you need to set up integrations (you can do this on the Integrations page). You can also view list of evidence, policies and integration. If you do not set up any integrations, you will only see Self-Assessments (manual tests) in your program.Post Onboarding Tasks 16
      1. Click on “Configure Automation” button.
        The following screenshot shows “Automate your program” page.

        Post Onboarding Tasks Automate Program 17
  2. Review SOC 2 Scope:
    1. Click on “Review Scope” button.
    2. Review your systems and confirm that you are not missing any and that each of them has the appropriate data sensitivity classification associated with it.
    3. All the controls you need to fulfill SOC 2 are already adopted in your program. Run tests on failed controls so you can verify your policies. You can also assign controls to new owners and accelerate your compliance readiness. Check out Controls page for more information.
      1. TrustCloud has auto-generated policies for you based on your compliance program. Take a look at the policies to make sure that they align with your processes. If they are okay, then go ahead and approve them to start sharing them with your customers. If you are not ready to approve your policies yet or you are not the right person to approve them, you can assign Policy Owners and come back to this task later. Check out the Policies page for more information.
        Post Onboarding SOC2 Scope 18
  3. Enable Your Sales Team:
    1. Click on “View My TrustShare” to preview TrustShare portal that is built based on your compliance program to proactively share information on your trust and security posture with your customers.
      You can view certifications, policies, and documents related to your program. You can view more details in respective tabs.
      The following screenshot shows the TrustShare page.Post Onboarding TrustShare 19
    2. Here’s what you can do to help your sales team win more deals:
      1. Preview your TrustShare Page (this takes you to your TrustShare Admin Portal)
      2. Customize your TrustShare page and add your logo
      3. Add a Contact Email
      4. Publish your TrustShare (you can’t invite external users until you have done this)
      5. Start inviting users to view your TrustShare.

Preparing for a Successful Audit

TrustCloud has broken down everything you need to prepare for your audit into an 8 weeks program. When referring to tasks from Week 3 to Week 7, it refers to tasks assigned to default Groups. Feel free to customize these Groups to your requirements for our 8-week program.

Week 1:

  • Get onboarded to the platform
  • Invite collaborators and assign Groups
  • Finalize the System Register
  • Set up integrations
  • Add branding and turn on notifications
  • Determine ownership of Tasks, Controls, Systems, and Policies

Week 2:

  • Control Adoption
  • Run automated tests & triage failing tests
  • Finalize assignment of Tasks, Controls, Systems, and Policies

Week 3:

  • Engineering tasks
  • DevOps tasks

Week 4:

  • Security and Compliance tasks

Week 5:

  • IT tasks

Week 6:

  • HR tasks
  • Legal tasks

Week 7:

  • Leadership tasks
  • Sales & Marketing tasks

Week 8:

  • Internal Assessment* (available as a Professional Service by TrustCloud)

*An Internal Assessment is a review of your compliance program prior to your external audit. It is recommended that you do this once you have collected 80% or more of the evidence required for your controls. If you are interested in having one of our compliance experts perform an Internal Assessment for your program, email us at [email protected] or Contact Support from your TrustCloud program.

Want to learn more about GRC?
Explore our GRC launchpad to gain expertise on numerous compliance standards and topics.

Join our TrustCommunity to learn about security, privacy, governance, risk and compliance, collaborate with your peers, and share and review the trust posture of companies that value trust and transparency!

Want to see how to turn GRC into a profit center?
Ready to save time and money on audits, pass security reviews faster, and manage enterprise-wide risk? Let’s talk!

Join the conversation

ON THIS PAGE
SHARE THIS PAGE

SUBSCRIBE
FlightSchool
OR