Trusaic Trust Center
Trusaic is continuously monitoring its overall security posture
Compliance
Documentation of our compliance against global standards including certifications, attestations, and audit reports.
SOC 2 type 2 report
Security
- SOC 2 type 2 report
- Cyber Insurance
- Integration guide - Workday, UKG, SAP, ADP
- SSO setup guide
- GDPR summary
- IT security plan
- App security
ISO Certificate
Policies
- Change Management policy
- IT change management policy
- Code of conduct
- Bridge letter
- Vulnerability management policy
- Vendor management policy
- System access control policy
Continuous Monitoring
If a control is passing all tests, it will be marked as green. If a control has a failed test that was not resolved within the past 14 days, it will be marked yellow.
App Security
- Annual penetration test
- Code review process
- Employee disclosure process
- Quarterly vulnerability scan
- Responsible disclosure (bug bounty)
- Software development lifecycle
- Web application firewall
Product Security
- Databases monitored & alarmed
- Hard-disk encryption
- MFA on accounts
- NoSQL database monitored and alarmed
- Session lock
Organisation Security
- Acceptable use policy
- BCDR plan
- Code of conduct
- Disaster recovery plan
- Incident response plan
- Incident response team
- Security training
Network Security
- Denial of public SSH
- Firewalls
- Logging/monitoring
- Malware detection software
- Unique accounts used
Data Security
- Daily database backups
- Encryption at rest
- Security policies
- SSL/TLS enforced
- System access control policy
Infrastructure Security
- Cloud data storage restricted
- Encryption of web-based admin access
- Multiple availability zones
- Password policy
- Security patches automatically applied
Subprocessors
Microsoft Azure
Privacy Policy
The Privacy Policy outlines the privacy practices of First Capital Consulting, Inc. dba Trusaic. Trusaic respects your privacy and confidentiality and the confidentiality of personal information you provide to us. This Privacy Policy describes the personal information we collect.
Trusaic is GDPR compliant. We undergo independent security auditing, vulnerability scanning, and
penetration testing. Learn more about our comprehensive GDPR compliance.