Trust Center

Trust begins with transparency. Our global team of dedicated security experts protects your data 24/7, 365 days a year.

Compliance

Every year Trintech is rigorously audited by independent third-party companies (auditors) to prove that we comply with various global and regional standards.

ISO/IEC 27001:2013

The ISO/IEC 27001 certification specifies security management best practices and controls based on the ISO/IEC 27002 best practice guide.

It ensures that our Information Security Management System (ISMS) is fine-tuned to stay current with changes to security threats, which is essential in the fast-paced world of IT security.

Re-certification is obtained by audit every three years, inclusive of an annual surveillance audit, in order to prove that Trintech:

  1. Has designed and implemented a comprehensive Information Security Management System (ISMS).
  2. Has adopted a continuous risk management process to ensure that the appropriate information security controls are in place to meet an evolving threat landscape and risks.
  3. Systematically evaluates information security risks appropriately, considering several factors, including the impact of company threats and vulnerabilities.

Trintech has been an ISO/IEC 27001 certified organization since 2021 and the certificate is available here.

Any third party wishing to independently verify the status of Trintech’s certification may query the certificate directory located at: https://www.schellman.com/certificate-directory

SSAE 18 SOC1 AND SOC2 REPORTS

The Service Organizational Control (SOC) framework is an attestation that Trintech meets the required standard regarding having controls in place to protect the confidentiality, integrity, and availability of our customers’ data in the cloud.

  • SOC 1 focuses on the effectiveness of internal controls that affect the financial reports of customers.
  • SOC 2 evaluates controls that are relevant to availability, integrity, security, confidentiality, or privacy.

Trintech is audited by a third party and has maintained its SSAE 18 SOC 1 Type 2 attestation. Trintech’s SOC 1 report covers the period October 1 (of the prior calendar year) to September 30 (current calendar year).

Trintech has also undertaken an annual SOC 2 Type 2 attestation, relevant to security, availability and confidentiality controls listed in the AICPA Trust Services Criteria (TSC). Trintech’s SOC 2 report covers the period October 1 (of the prior calendar year) to September 30 (current calendar year).

A Bridge Letter is provided monthly between audit periods so that the company is covered for the entire year.

HIPAA

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge (CDC). The NIST publication for implementing HIPAA is part of NIST’s overall security framework and conducts its HIPAA audit annually.

SIG QUESTIONNAIRE

Created by Shared Assessments, the SIG (Standardized Information Gathering Questionnaire) is a configurable tool that enables the scoping of diverse third-party risk assessments using a comprehensive set of questions for assessing third-party or vendor risk. Trintech updates its SIG quarterly.

CAIQ

The CAIQ (Consensus Assessment Initiative Questionnaire) is a downloadable spreadsheet of “yes” or “no” questions that correspond to the controls of the Cloud Security Alliance’s (CSA) Cloud Controls Matrix (CCM), a cybersecurity controls framework for cloud computing. Trintech’s CAIQ is updated quarterly.

The Cloud Security Alliance’s Security Trust Assurance and Risk (STAR) registry encompasses key principles of transparency, rigorous auditing, and cloud security and privacy best practices. https://cloudsecurityalliance.org/star/registry/trintech/services/trintech/

FFIEC

FFIEC (Federal Financial Institutions Examination Council) compliance is conformance to a set of standards for online banking issued in October 2005. We have fully integrated FFIEC-inspired controls into our annual audits.

  • The FFIEC cloud compliance document for large enterprises is available here.
  • The FFIEC cloud compliance document for mid-size organizations is available here.

Security

It is of paramount importance to us that your data is always secure. We remain compliant with all security standards to ensure your data is protected, and that you can do business, worry-free.

Trintech Cloud Security – Frequently Asked Questions
This document addresses our customers’ most common security questions.

Privacy

We are committed to protecting your privacy online and ensuring that you keep control of how your information is handled. We adhere to all applicable and up-to-date industry standards and legal requirements regarding privacy and data protection.

The following Online Privacy Policy (incl. Privacy Shield Policy) and Data Protection Addendum demonstrate such a commitment and outline our information privacy practices and standards:

Online Privacy Policy
This Online Privacy Policy describes how we may collect, use, protect and share the information you provide us by visiting our website or communicating with us.

Data Protection Addendum
This Data Protection Addendum forms part of the agreement between Trintech and its customers regarding the processing of the customer’s personal data.