This statement summarizes TrustCheck's compliance posture and operating principles. It is informational and does not by itself certify TrustCheck or any customer as compliant with a specific framework.
1. Security Principles
- Verified asset ownership before sensitive scans, monitoring, attack simulation, or vetting.
- Role-based access and admin controls for users, organizations, assets, plans, badges, and verification.
- Audit logging for sensitive security, billing, verification, and administrative actions.
- Evidence locker and report export workflows for compliance records.
- Non-blocking email and integration delivery so operational failures do not break core workflows.
2. Framework Alignment
TrustCheck can help customers gather evidence and map findings to common security and privacy control areas such as access control, asset inventory, vulnerability management, incident response, vendor risk, secure configuration, encryption, logging, and change management.
3. Customer Responsibilities
Customers remain responsible for their own legal compliance, asset authorization, internal policies, remediation, incident response, data retention decisions, and third-party provider configuration.
4. Trust Badges
Trust badges show approved public-facing verification and tested scope. They do not replace formal certification, audit reports, regulatory filings, or customer-specific due diligence.
5. Requests
For security questionnaires, vendor reviews, data protection requests, or compliance documentation, contact support@trustcheck.io.