Third-Party Risk: Manage Vendors & Compliance

Find Attestations of Compliance (AOC) for Common Vendors

A resource to quickly find SOC 2 or ISO 27001 attestations for common providers and vendors

Introduction

Purpose

Use this page to locate the third-party attestations needed to meet the requirements of the Supplier Relationships Security Policy. The list does not cover every vendor; identify the providers in scope for your organization, retrieve the current attestation for each, and keep a dated copy as evidence. For procedural guidance, see: Vendor Risk Management Overview and Guidance.


Trustero Tip on Expiration Dates:

  • A SOC 2 report (Type 1 or Type 2) is generally accepted for 12 months from the end of the period it covers. A Type 1 report describes controls at a single point in time; a Type 2 report covers an audit period (typically 6 to 12 months). If the report's period has ended but the next report is not yet issued, ask the vendor for a bridge (gap) letter covering the interval.
  • An ISO 27001 or ISO 27701 certificate is valid for 3 years, subject to annual surveillance audits, and usually lists its expiration date on the cover page of the certificate. Check the certificate's scope statement as well: a certificate that excludes the service you use does not cover it.

Attestation Locations

Each entry lists the provider, the function, service or activity it provides, the attestation type, and where to obtain it. Several of these portals require a login or acceptance of an NDA before the report can be downloaded.

AWS (Amazon Web Services)
  Service: Cloud Computing and Hosting
  Attestation: SOC 2 Type 2 Report
  Source: https://aws.amazon.com/artifact/getting-started/ (AWS Artifact; requires an AWS account)

GitHub
  Service: Version Control and Code Collaboration
  Attestation: ISO 27001 Certification
  Source: https://github.com/trust-center

GitLab
  Service: Version Control and Code Collaboration
  Attestation: ISO 27001 Certification
  Source: https://trust.gitlab.com/

Google Workspace
  Service: Office Productivity Suite, Email, Collaboration, and Document Management
  Attestation: ISO 27001 Certification
  Source: https://cloud.google.com/security/compliance/compliance-reports-manager#/

OpenAI
  Service: Language AI Model Provider
  Attestation: SOC 2 Type 2 Report
  Source: https://trust.openai.com/

Atlassian
  Service: Jira Service Management, Jira Software, Jira Work Management, Confluence, Statuspage
  Attestation: SOC 2 Type 2 Report
  Source: https://www.atlassian.com/trust/compliance/resources/soc2

Miradore
  Service: Mobile Device Management
  Attestation: ISO 27001 Certification
  Source: https://www.miradore.com/knowledge/account/security/

Slack
  Service: Team Communication and Collaboration
  Attestation: ISO 27001 Certification
  Source: https://slack.com/trust/compliance

Globalization Partners
  Service: HRIS - International
  Attestation: ISO 27001 Certification
  Source: https://www.globalizationpartners.com/about/iso-certifications-and-security/

Recruitee
  Service: Applicant Tracking System
  Attestation: ISO 27001 Certification
  Source: https://support.recruitee.com/en/articles/1066285-recruitee-s-iso-27001-certificate-data-centers-and-gdpr-compliance

Checkr
  Service: Background Screening and Verification
  Attestation: ISO 27001 Certification
  Source: https://checkr.com/trust-and-security

Semgrep
  Service: Static Code Analysis Tool
  Attestation: SOC 2 Type 2 Report
  Source: https://trust.semgrep.dev/