Search
  2. TrustCommunity
  3. Forums
  4. TrustCloud Q&A
  5. Trust Cloud’s own info-sec compliance
SHARE THIS TOPIC  
Ask a Question
epm
Participant
2 weeks, 6 days ago 2 Replies
Q:

Trust Cloud’s own info-sec compliance

I’m sold on Trust Cloud, but my colleagues are a little hesitant to start integrating systems. Of course, I have assured them that Trust Cloud is itself Soc2 compliant, but I’m on the hunt for answers to these questions:
1. When we integrate AWS and Auth0, what information does Trust Cloud access?
2. How does Trust Cloud ensure that our client data isn’t compromised or accessed through these integrations?
3. Has Trust Cloud ever experienced a breach in these integrations or any others? If so, what happened, and how quickly was it resolved?

Very much appreciate your thoughts. Best, Elizabeth

Tagged:  ,
docs icon TrustCloud Q&A
All Replies

Viewing 0 reply threads

  • mike1
    Participant
    2 weeks, 6 days ago

    Hi Elizabeth,

    For our integrations, TrustCloud retrieves inventory information (what resources you have) and metadata and configuration information in order to validate control adherence and to provide evidence within an audit. Our integrations always specify read-only permissions and the least privilege possible. For AWS in particular, we use AWS’s built-in “Security Auditor” role, which only has permissions to view configuration settings that are applicable for security. For example, information about your S3 buckets and their encryption status, sharing settings, etc., or your RDS databases to view encryption at rest status, backup retention schedule, and other security-related settings.

    We are highly transparent about our security practices at TrustCloud. You can find out about our controls and policies at https://trust.trustcloud.ai. We understand that our integrations access sensitive data, which is why we implement encryption at every step of the process (data encryption at rest, encryption in transit when retrieving data via the integration, storing API credentials and tokens in an encrypted key store).

    Finally, we have not experienced any breaches in any of our products or integrations. We do have a security incident management policy in place for handling the event of a data breach, should one ever occur.

    If you’d like more information about our security posture, please visit our TrustShare portal and feel free to request more information.

    Michael Salinger
    VP of Engineering and CISO
    TrustCloud

    • epm
      Participant
      2 weeks, 6 days ago

      Thanks Michael, super helpful information. Will share with team and circle back if there are any follow up questions!

Viewing 0 reply threads

Join the conversation

Trusty

Want to see how to turn GRC into a profit center?

Ready to save time and money on audits, pass security reviews faster, and manage enterprise-wide risk? Let’s talk! 

Learn More
TrustCommunity

The #1 Community for Security, Privacy, and GRC Professionals.

© 2024 TrustCloud Corporation. All rights reserved.
TrustCloud® and TrustOps® are registered trademarks of TrustCloud Corporation.

Facebook Linkedin Youtube Rss

Resources

Platform

TOPICS

ABOUT US

AICPA
Monitored by TrustCloud

💛 Joyfully Crafted to Elevate GRC Leaders into Trust Champions.

OR