Ask a Question

Trust Cloud’s own info-sec compliance

I’m sold on Trust Cloud, but my colleagues are a little hesitant to start integrating systems. Of course, I have assured them that Trust Cloud is itself Soc2 compliant, but I’m on the hunt for answers to these questions:
1. When we integrate AWS and Auth0, what information does Trust Cloud access?
2. How does Trust Cloud ensure that our client data isn’t compromised or accessed through these integrations?
3. Has Trust Cloud ever experienced a breach in these integrations or any others? If so, what happened, and how quickly was it resolved?

Very much appreciate your thoughts. Best, Elizabeth

docs icon TrustCloud Q&A
All Replies

Viewing 0 reply threads

  • Hi Elizabeth,

    For our integrations, TrustCloud retrieves inventory information (what resources you have) and metadata and configuration information in order to validate control adherence and to provide evidence within an audit. Our integrations always specify read-only permissions and the least privilege possible. For AWS in particular, we use AWS’s built-in “Security Auditor” role, which only has permissions to view configuration settings that are applicable for security. For example, information about your S3 buckets and their encryption status, sharing settings, etc., or your RDS databases to view encryption at rest status, backup retention schedule, and other security-related settings.

    We are highly transparent about our security practices at TrustCloud. You can find out about our controls and policies at We understand that our integrations access sensitive data, which is why we implement encryption at every step of the process (data encryption at rest, encryption in transit when retrieving data via the integration, storing API credentials and tokens in an encrypted key store).

    Finally, we have not experienced any breaches in any of our products or integrations. We do have a security incident management policy in place for handling the event of a data breach, should one ever occur.

    If you’d like more information about our security posture, please visit our TrustShare portal and feel free to request more information.

    Michael Salinger
    VP of Engineering and CISO

    • Thanks Michael, super helpful information. Will share with team and circle back if there are any follow up questions!

Viewing 0 reply threads

Join the conversation