Trust Center

Trust begins with transparency. Our global team of dedicated security experts protects your data 24/7, 365 days a year.

Compliance

Every year Trintech is rigorously audited by independent third-party companies (auditors) to prove that we comply with various global and regional standards.

ISO/IEC 27001:2022

The ISO/IEC 27001 certification specifies security management best practices and controls based on the ISO/IEC 27002 best practice guide.

IT ensures that our Information Security Management System (ISMS) is fine-tuned to stay current with changes to security threats, which is essential in the fast-paced world of IT security.

Re-certification is obtained by audit every three years, inclusive of an annual surveillance audit, in order to prove that Trintech:

  1. Has designed and implemented a comprehensive Information Security Management System (ISMS).
  2. Has adopted a continuous risk management process to ensure that the appropriate information security controls are in place to meet an evolving threat landscape and risks.
  3. Systematically evaluates information security risks appropriately, considering several factors, including the impact of company threats and vulnerabilities.

Trintech has been an ISO/IEC 27001 certified organization since 2021 and the certificate is available here.

Any third party wishing to independently verify the status of Trintech’s certification may query the certificate directory located at: https://www.schellman.com/certificate-directory

SSAE 18 SOC1 AND SOC2 REPORTS

The Service Organizational Control (SOC) framework is an attestation that Trintech meets the required standard regarding having controls in place to protect the confidentiality, integrity, and availability of our customers’ data in the cloud.

  • SOC 1 focuses on the effectiveness of internal controls that affect the financial reports of customers
  • SOC 2 evaluates controls that are relevant to availability, integrity, security, confidentiality, or privacy.

Trintech is audited by a third party and has maintained its SSAE 18 SOC 1 Type 2 attestation.

Trintech’s SOC 1 reports cover the following periods:

October 1 (of the prior calendar year) to September 30 (current calendar year).

April 1 (of the prior calendar year) to March 31 (current calendar year).

July 1 (of the prior calendar year) to June 30 (current calendar year).

Trintech has also undertaken an annual SOC 2 Type 2 attestation, relevant to security, availability and confidentiality controls listed in the AICPA Trust Services Criteria (TSC). Trintech’s SOC 2 report covers the period October 1 (of the prior calendar year) to September 30 (current calendar year).

A Bridge Letter is provided monthly between audit periods so that the company is covered for the entire year.

TX-RAMP

Trintech has secured the certification known as TX-RAMP. The Texas Risk and Authorization Management Program (TX-RAMP) is a DIR program that provides review of security measures taken by cloud products and services that transmit data to Texas state agencies.

  • TX-RAMP Level 2 Certification – Cadency
  • TX-RAMP Level 2 Certification – ReconNet

SIG QUESTIONNAIRE

Created by Shared Assessments, the SIG (Standardized Information Gathering Questionnaire) is a configurable tool that enables the scoping of diverse third-party risk assessments using a comprehensive set of questions used to assess third-party or vendor risk. Trintech updates its SIG quarterly.

CAIQ

The CAIQ (Consensus Assessment Initiative Questionnaire) is a downloadable spreadsheet of “yes” or “no” questions that correspond to the controls of the Cloud Security Alliance’s (CSA) Cloud Controls Matrix (CCM), a cybersecurity controls framework for cloud computing. Trintech’s CAIQ is updated quarterly.

The Cloud Security Alliance’s Security Trust Assurance and Risk (STAR) registry encompasses key principles of transparency, rigorous auditing, and cloud security and privacy best practices. https://cloudsecurityalliance.org/star/registry/trintech/services/trintech/

The CSA STAR Certification, attained after completing the STAR Level 2 – Third Party Attestation, confirms our compliance with ISO/IEC 27001 standards and the CSA’s Cloud Controls Matrix (CCM). This achievement also includes a comprehensive evaluation of our capabilities using the STAR Capability Maturity Model, highlighting our strengths in managing critical aspects of cloud security.

Participation in the CSA STAR program not only validates our best practices but also enhances our cloud security assurance. It includes rigorous assessments based on the CSA CCM, a comprehensive cybersecurity control framework that guides our implementation of 197 control objectives across 17 domains of cloud technology.

FFIEC

FFIEC (Federal Financial Institutions Examination Council) compliance is conformance to a set of standards for online banking issued in October 2005. We have fully integrated FFIEC-inspired controls into our annual audits.

  • The FFIEC cloud compliance document for both mid-size and large enterprises is available here.

Digital Operational Resilience Act (DORA)

“Digital Operational Resilience Act (DORA) is a European Union (EU) regulation aimed at enhancing the operational resilience of financial institutions, particularly in the face of digital disruptions. It came into effect on January 17, 2025, and applies to various financial entities, including banks, insurance companies, and investment firms. DORA requires these institutions to implement robust risk management frameworks, incident response processes, and digital operational resilience testing.”

Trintech received its DORA certificate in November 2024 for the Cadency, TRECCS, RNET, UPCS, and Adra products.

Security

It is of paramount importance to us that your data is always secure. We remain compliant with all security standards to ensure your data is protected, and that you can do business, worry-free.

Trintech Cloud Security – Frequently Asked Questions
This document addresses our customers’ most common security questions.

Artificial Intelligence

Why Trust Matters in AI

As a global leader in financial automation for the office of the CFO, Trintech takes a clear stance: AI must be responsible, secure, explainable, and never a black box. Our AI helps finance teams make decisions faster, with clarity—not confusion—and always under human control.

Whether you’re a customer, partner, employee, or just curious, this is where we lay it all out. No fluff. No smoke. Just how we build, govern, and operate AI with integrity.

Our AI Philosophy

We design AI to augment human decision-making—not replace it. We build tools that support accuracy, compliance, and accountability in some of the world’s most regulated industries.

Guiding principles include:

  • Security: Enterprise-grade architecture and access controls protect your data at every layer.
  • Transparency: You deserve to know how our AI works, what data it uses, and what it’s doing.
  • Accountability: Our AI outputs are overseen by people—always. You stay in control.
  • Fairness: No hidden bias. We audit and retrain our models to ensure equity in outputs.
  • Privacy: Your data is never used to train general-purpose AI models. Full stop.

How We Use AI

Trintech uses AI to deliver smarter, faster, and more secure experiences for finance and accounting teams:

  • Conversational Interfaces: Natural language tools simplify complex workflows
  • Document Intelligence: AI reviews financial documents to flag anomalies and recommend remediation steps
  • Internal Use: We use AI internally to boost support efficiency, not just customer-facing innovation

You (as our customer) always stay in the driver’s seat – our AI just clears the road ahead.

Governance That Goes Beyond Compliance

We didn’t wait for regulation to get serious about AI governance. Our framework was built from the ground up with global standards like ISO/IEC 23894 and NIST AI RMF in mind, and it’s continuously evolving.

Governance at Trintech includes:

  • Model Stewards: Own lifecycle management and bias monitoring
  • Security & Privacy Officers: Ensure GDPR, CCPA, and data protection best practices
  • Cross-Functional Reviews: Use cases get vetted through privacy, risk, and compliance lenses

Governance isn’t a checkbox—it’s our operating system.

Embedded Ethical Standards

  • Human-Centered Design: AI helps people rather than replacing them
  • Bias Detection & Mitigation: We test, audit, and re-train with fairness in mind
  • Explainability: Tools like SHAP and LIME help you understand model behavior
  • Responsible Data Use: Data is collected with consent and handled with encryption and anonymization
  • Training & Oversight: Employees are regularly trained on responsible AI, fairness, and governance

Your Controls. Your Data. Your Choice.

Transparency isn’t just for show. We build it into our software:

  • Opt-In AI Features: You control where and how AI is used
  • Audit Trails & Summaries: Finance users see how AI reached its recommendation
  • Data Deletion Requests: You can disable or remove data at any time
  • Change Management: Every model update goes through a rigorous RFC and rollback process

Compliance Without Compromise

We align with:

  • GDPR, CCPA, and global privacy laws
  • Industry-specific finance and audit requirements

Always Improving. Always Accountable.

AI is never “set it and forget it” at Trintech. We:

  • Monitor models monthly for accuracy, bias, and drift
  • Recalibrate when performance dips
  • Retire models when they no longer meet our standards
  • Maintain logs, approvals, audits, and DPIAs for every model and use case

Have Questions? Want to Report an Issue?

We believe in two-way transparency. Reach us directly: AITrust@trintech.com

Report unethical use. Ask technical questions. Or just tell us what you’d like to see in future updates.

Stay informed by bookmarking this page—we update it as our AI evolves and regulations change. Finance is transforming, and Trintech is leading the way with responsible innovation.

Privacy

We are committed to protecting your privacy online and ensuring that you keep control of how your information is handled. We adhere to all applicable and up-to-date industry standards and legal requirements regarding privacy and data protection.

The following Online Privacy Policy (incl. Privacy Shield Policy) and Data Protection Addendum demonstrate such a commitment and outline our information privacy practices and standards:

Online Privacy Policy
This Online Privacy Policy describes how we may collect, use, protect and share the information you provide us by visiting our website or communicating with us.

Data Protection Addendum
This Data Protection Addendum forms part of the agreement between Trintech and its customers regarding the processing of the customer’s personal data.