Trusaic Trust Center

Trusaic is continuously monitoring its overall security posture

Compliance

Documentation of our compliance against global standards including certifications, attestations, and audit reports.

SOC 2 type 2 report
Security
  • SOC 2 type 2 report
  • Cyber Insurance
  • Integration guide - Workday, UKG, SAP, ADP
  • SSO setup guide
  • GDPR summary
  • IT security plan
  • App security
ISO Certificate (pending May 2025)
Policies
  • Change Management policy
  • IT change management policy
  • Code of conduct
  • Bridge letter
  • Vulnerability management policy
  • Vendor management policy
  • System access control policy

Continuous Monitoring

If a control is passing all tests, it will be marked as green. If a control has a failed test that was not resolved within the past 14 days, it will be marked yellow.


App Security
  • Annual penetration test
  • Code review process
  • Employee disclosure process
  • Quarterly vulnerability scan
  • Responsible disclosure (bug bounty)
  • Software development lifecycle
  • Web application firewall
Product Security
  • Databases monitored & alarmed
  • Hard-disk encryption
  • MFA on accounts
  • NoSQL database monitored and alarmed
  • Session lock
Organisation Security
  • Acceptable use policy
  • BCDR plan
  • Code of conduct
  • Disaster recovery plan
  • Incident response plan
  • Incident response team
  • Security training
Network Security
  • Denial of public SSH
  • Firewalls
  • Logging/monitoring
  • Malware detection software
  • Unique accounts used
Data Security
  • Daily database backups
  • Encryption at rest
  • Security policies
  • SSL/TLS enforced
  • System access control policy
Infrastructure Security
  • Cloud data storage restricted
  • Encryption of web-based admin access
  • Multiple availability zones
  • Password policy
  • Security patches automatically applied

Subprocessors

Microsoft Azure

Hubspot

Pendo

Privacy Policy

The Privacy Policy outlines the privacy practices of First Capital Consulting, Inc. dba Trusaic. Trusaic respects your privacy and confidentiality and the confidentiality of personal information you provide to us. This Privacy Policy describes the personal information we collect.

Security Page

Trusaic is GDPR compliant. We undergo independent security auditing, vulnerability scanning, and penetration testing. Learn more about our comprehensive GDPR compliance.


GDPR
