Trustero Compliance as a Service is already innovative, cloud-based compliance automation software. It includes multiple features that make SOC 2 compliance faster and easier to achieve and sustain. Examples range from auditor-vetted, customizable controls and policy templates to AI-powered automations.
But for everything, there’s always room for improvement.
In response to input and feedback from auditors, customers, and prospects, we’ve added some significant enhancements to the Trustero platform. In case you missed the announcement at the SaaStr Annual 2022 conference and trade show, here are the highlights.
AI-Powered Evidence and Test Suggestions
Trustero Compliance as a Service uses artificial intelligence (AI) to analyze controls and available evidence sources. The platform then makes specific evidence collection and test recommendations. These features complement the Trustero platform’s automated evidence gathering and validity testing capabilities. They also ease and speed audits and help companies sustain continuous compliance.
Bring Your Own Controls
Controls are basically the policies, procedures, and processes you and your team use to run your business. SOC 2 compliance requires that you select and implement specific controls. You may need 100 controls or more just to meet the mandatory SOC 2 security requirements. A SOC 2 audit report confirms your compliance or identifies areas of non-compliance.
The Trustero platform now supports bulk upload of controls by users, auditors, or both. Other tools require multiple iterations of “find, highlight, copy, and paste” to add controls. With the Trustero solution, users and auditors can consolidate information about multiple controls into a single .CSV file and upload that information all at once. The Trustero software then uses AI to map those controls to relevant policies and receptors automatically, with no user configuration required. This allows faster and easier integration of incumbent controls into the Trustero platform.
A Choice of Views
Users can now create multiple individual audits with Trustero, view historical audits, and focus on the specific details that are in scope for a given audit. For example, administrators can conduct and examine internal and external audits concurrently.
Users can also easily switch between a view of a specific audit and a company-wide “continuous compliance view” of overall audit readiness. For example, an auditor or CFO might want to focus on a specific audit report, while a CEO may be more interested in a company-wide view of their compliance posture.
Receptors automatically retrieve data from third-party service providers, process it, and connect it to controls to satisfy an auditor. This speeds evidence collection. Receptors for connections Trustero Compliance as a Service to the GitLab DevOps software package and the Bitbucket source code repository hosting service are now available.
New API Beta Program
Application programming interfaces or APIs provide robust connections between different software programs and platforms. Trustero has launched a Private API Beta Program. The program will enable developers outside of Trustero to build APIs for easy integration with Trustero Compliance as a Service. This will expand integration options for Trustero users and partners and enhance the business value of Trustero Compliance as a Service.
ISO 27001 Support
ISO 27001 is a framework of requirements and recommendations developed and overseen by the International Organization for Standardization or ISO. The framework defines the elements of an effective information security management system (ISMS).
Many companies pursuing SOC 2 compliance are also pursuing compliance with ISO 27001. The addition of ISO 27001 support to Trustero Compliance as a Service will help those companies streamline and evolving into a multi-framework compliance management solution.
To learn more about the latest enhancements to Trustero Compliance as a Service or to arrange a demo, visit https://www.trustero.com or email [email protected]