How does Trustero ensure receptors (integrations) are secure?
Trustero follows industry best practices and the principle of least privilege, and encrypts all data it collects.
Trustero follows industry best practices for information security, and those practices have been verified by third-party auditors as part of our own SOC 2 examination. Our SOC 2 report describes what we do, our controls and our architecture in detail. Please let us know if you would like that report; we can share it under NDA.
For receptors specifically, we do a few things with respect to security:
- We collect only data that is useful evidence for your controls. Data that is irrelevant for governance, risk and compliance (GRC) purposes is not collected.
- We follow the principle of least privilege:
  - Our receptors have read-only access to the services you use.
  - Where the service allows it, our receptors are permitted to read only the data needed for GRC purposes: if the service offers graded access levels, scopes or permissions, we request the narrowest set that still yields the required evidence.
- All data collected is encrypted in transit and at rest.
- You can revoke our access at any time.
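The read-only and minimum-scope claims above are ones you can verify on your own side rather than take on trust. The following script is an added example, not Trustero's code and not a description of what its receptors actually request: it audits an AWS IAM policy document of the kind you would attach to a collector role and flags any Allow grant that is not read-only. The policy documents in it are constructed for illustration, and the set of read-only verb prefixes is an assumption that mirrors AWS's naming convention, not an authoritative list.

```python
"""Verify that the IAM policy granted to an evidence-collecting integration
is read-only. Added example, not Trustero's own code; the policy documents
below are constructed for illustration."""
import json

# Assumption: verbs with these prefixes only read state. This mirrors the
# convention AWS uses in its ReadOnlyAccess managed policy, but it is a
# heuristic, not an authoritative list; extend it for the services you use.
READ_ONLY_PREFIXES = (
    "Get", "List", "Describe", "BatchGet", "Head",
    "Lookup", "Search", "Scan", "Query", "View",
)


def is_read_only_action(action: str) -> bool:
    """Return True if an action such as 'ec2:DescribeInstances' only reads.

    Wildcards are accepted only when the text before the '*' already pins a
    read-only prefix: 'iam:Get*' passes, 'iam:*' and bare '*' do not.
    """
    if ":" not in action:
        return False  # bare "*" or a malformed entry
    _service, verb = action.split(":", 1)
    base = verb.rstrip("*")  # 'Get*' -> 'Get', '*' -> ''
    return base != "" and base.startswith(READ_ONLY_PREFIXES)


def audit_policy(policy: dict) -> list[str]:
    """Return one finding per Allow grant that is not read-only.

    Deny statements are ignored (they can only remove access). A statement
    using NotAction is flagged outright: "allow everything except ..." can
    never express the minimum necessary for a collector.
    """
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be unwrapped
        statements = [statements]
    for idx, stmt in enumerate(statements):
        sid = stmt.get("Sid", f"Statement[{idx}]")
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            findings.append(f"{sid}: uses NotAction (allows everything not listed)")
            continue
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        for action in actions:
            if not is_read_only_action(action):
                findings.append(f"{sid}: non-read-only action {action!r}")
    return findings


# Constructed: what a least-privilege collector role should look like.
READ_ONLY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "EvidenceRead",
            "Effect": "Allow",
            "Action": [
                "ec2:Describe*",
                "iam:GetAccountSummary",
                "iam:ListUsers",
                "cloudtrail:LookupEvents",
            ],
            "Resource": "*",
        }
    ],
}

# Constructed: the same role with two over-broad grants and a NotAction
# escape added, plus a Deny that must not affect the result.
OVERBROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": READ_ONLY_POLICY["Statement"] + [
        {"Sid": "TooBroad", "Effect": "Allow",
         "Action": ["s3:PutObject", "iam:*"], "Resource": "*"},
        {"Sid": "Escape", "Effect": "Allow",
         "NotAction": "iam:*", "Resource": "*"},
        {"Sid": "Guard", "Effect": "Deny",
         "Action": "s3:DeleteBucket", "Resource": "*"},
    ],
}


if __name__ == "__main__":
    for name, policy in (("read-only", READ_ONLY_POLICY),
                         ("overbroad", OVERBROAD_POLICY)):
        print(f"{name}: {json.dumps(audit_policy(policy), indent=2)}")
```

Run it against the policy actually attached to the role, user or OAuth app you granted to the receptor; an empty findings list is what "read-only" should look like in practice. The script checks actions only, so resource scoping (which buckets, which accounts) still needs a separate review, and prefix matching will misjudge services whose verbs do not follow the Get/List/Describe convention.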