Estimated reading: 4 minutes 1678 views

What is it?

An inventory is a specific list of data that is gathered to provide information about a certain part of the business. The inventory is inspected by an automated test or by a human to determine if one or more controls are satisfied and to analyze the results of the inventory.

Examples of inventories are users, systems, security incidents, devices, servers, databases, logs, etc.

Inventory in TrustOps

On your ‘Inventory’ page in TrustOps, you can view all of the inventories you are currently tracking in other systems in one place. By setting up available inventory integrations, you can have live insights into your important inventories, and you can use these as evidence to meet control criteria.

Below is a list of all of the inventory types you can find on the TrustOps Inventory page, along with information on how to connect these inventories in TrustOps:

  1. Alerts: List of alerts for log monitoring tools
    Available integrations that pull alert inventories:

    1. CloudWatch Logs
    2. Datadog
    3. Sumo Logic
  2. Assets: A list of all of your organization’s assets from your asset monitoring tools
    Available integrations that pull asset inventories:

    1. Jamf
    2. Jumpcloud
    3. Kolide
    4. Duo
  3. Access: A list of all users with access roles
    Available integrations:

    1. Buildkite
  4. Background Checks: A list of all background checks performed
    Available integrations:

    1. Checkr
  5. CI/CD Projects: A list of all CI/CD pipelines from your CI/CD tools
    Available integrations:

    1. Buildkite
    2. Circle CI
    3. Travis CI
  6. Data Stores: A list of database stores from your DBMS systems
    Available integrations:

    1. RDS
  7. Employees: A list of employees from your HR systems
    Available integrations:

    1. BambooHR
    2. Freshteam
    3. TriNet
  8. Job Listings: A list of all job postings
    Available integrations:

    1. Greenhouse
  9. Logs: Audit logs from your enterprise monitoring tool.
    Available integrations:

    1. CloudWatch Logs
    2. Sumo Logic
  10. Monitoring: List of all monitoring metrics for log monitoring tools
    Available integrations:

    1. Datadog
  11. Phishing Attempts: A list of all of your Phishing Tests performed by your Security Training tool
    Available integrations:

    1. Knowbe4
  12. Repositories: A list of all your repositories from your VCS
    Available integrations:

    1. Bitbucket
  13. Security Training Campaigns: A list of all security training campaigns from your Security Training Tool
    Available integrations:

    1. Knowbe4
  14. Security Training Subscriptions: A list of account subscriptions for your Security Training Tool
    Available integrations:

    1. Knowbe4
  15. Users: A list of all of your users from your identity providers
    Available integrations:

    1. Google Auth
    2. Azure AD
    3. Okta AD
  16. Vulnerability Scans: List of reports from vulnerability scanning tools
    Available integrations:

    1. Snyk

The following screenshot shows the “Inventory” page in TrostOps.

TO Inventory Main 01

To view inventory,

  1. Go to “Inventory” page in your TrustOps program.
  2. Click on “View [inventory name]” at the bottom of the inventory.
    The following screenshot shows the resource list of particular inventory.
    TO Inventory Resource List 02

Providing Inventory as Evidence

Once you have set up inventories in TrustOps, you can use these inventories to automate control verification. This saves your team time when collecting evidence for controls and ensures you are presenting live and accurate data to your auditor. You can select evidence from the TrustOps inventory. You can select records from connected systems to use as evidence. TrustOps will automatically generate a report from your selection.

A step-by-step guide to providing inventory as evidence

  1. Go to “Controls” page of your TrustOps program.
  2. Click on the control.
  3. Go to Self-Assessment section and click on the plus icon to “Add evidence.”
    TO Inventory Add Evidence Control 03
  4. Click on the “Attach from Inventory” option.
    TO Inventory Add Evidence 04
  5. Click on “Attach from Inventory.”
  6. Scroll or search for the inventory system you would like to use and click on “Select.”
    TO Inventory Select Add Evidence 06
  7. Click on the plus sign to select a record from the record list.
    TO Inventory Add Evidence 05
  8. Click on the “Add Evidence” button.

The same way you can “Add Evidence” from Systems as well.

The following video will give you an overview of inventories and guide you through adding inventories as evidence.

Join the conversation