Trustero Security and Compliance

How does Trustero ensure data used in AI-powered features is secure?

Trustero ensures security by following best practices and minimizing where data is shared and stored.

Trustero takes customer data security very seriously. Here is what we do to ensure our own security, and how our partners use data.

Trustero's security: we have our own SOC 2 report, which covers our own security practices. That means we do the right thing with encryption, permissions, etc. for customer data. Feel free to request our SOC 2 report.

Trustero's approach to collecting data: our goal is to collect as little data as required to assist customers on their GRC journey. 

If there is ever data you are uncomfortable putting into the platform, you can reach out to Trustero to discuss and we can work with you on approaches to minimizing what goes into the platform.

Trustero relies on OpenAI to provide some AI capabilities.

  • What we provide to OpenAI:
    • Our own content: suggested evidence, suggested tests, general guidance
    • Content from the customer: policy text, control text, evidence (automated and manual)
  • How we use OpenAI:
    • We use stock OpenAI models. We haven't trained or customized them.
    • We use OpenAI in "forgetful" mode: they will not incorporate data we send to them into their corpus.
  • OpenAI's security: they have a SOC 2 report