Compliance

Documentation of our compliance with global standards, including certifications, attestations, and audit reports.

SOC 2 Type 2 report

ISO certificate

Security

Annual penetration test

Cyber insurance

Integration guide - Workday, UKG, SAP, ADP

SSO setup guide

GDPR summary

GDPR blog

IT security plan

App security

Policies

Change management policy

IT change management policy

Code of conduct

Bridge letter

Vulnerability management policy

Vendor management policy

System access control policy

Risk assessment policy

Continuous Monitoring

If a control is passing all tests, it will be marked as green. If a control has a failed test that was not resolved within the past 14 days, it will be marked yellow.

App Security

Annual penetration test

Code review process

Employee disclosure process

Quarterly vulnerability scan

Responsible disclosure (bug bounty)

Software development lifecycle

Web application firewall

Product Security

Databases monitored & alarmed

Hard-disk encryption

MFA on accounts

NoSQL database monitored and alarmed

Session lock

Organization Security

Acceptable use policy

BCDR plan

Code of conduct

Disaster recovery plan

Incident response plan

Incident response team

Security training

Network Security

Denial of public SSH

Firewalls

Logging/monitoring

Malware detection software

Unique accounts used

Data Security

Daily database backups

Encryption at rest

Security policies

SSL/TLS enforced

System access control policy

Infrastructure Security

Cloud data storage restricted

Encryption of web-based admin access

Multiple availability zones

Password policy

Security patches automatically applied

Subprocessors

Microsoft Azure

HubSpot

Pendo

Privacy Policy

The Privacy Policy outlines the privacy practices of First Capital Consulting, Inc. dba Trusaic. Trusaic respects your privacy and confidentiality and the confidentiality of personal information you provide to us. This Privacy Policy describes the personal information we collect.

Privacy Policy

Security page

Trusaic is GDPR compliant. We undergo independent security auditing, vulnerability scanning, and penetration testing. Learn more about our comprehensive GDPR compliance.

Security