Trust begins with transparency. Our global team of dedicated security experts protects your data 24/7, 365 days a year.
Every year Trintech is rigorously audited by independent third-party companies (auditors) to prove that we comply with various global and regional standards.
The ISO/IEC 27001 certification specifies security management best practices and controls based on the ISO/IEC 27002 best practice guide.
IT ensures that our ISMS, Information Security Management System, is fine-tuned to stay current with changes to security threats, essential in the fast-paced world of IT security.
Re-certification is obtained by audit every three years, inclusive of an annual surveillance audit, in order to prove that Trintech:
- Has designed and implemented a comprehensive Information Security Management System (ISMS).
- Has adopted a continuous risk management process to ensure that the appropriate information security controls are in place to meet an evolving threat landscape and risks.
- Systematically evaluates information security risks appropriately, considering several factors, including the impact of company threats and vulnerabilities.
Trintech has been an ISO/IEC 27001 certified organization since 2021 and the certificate is available here.
Any third party wishing to independently verify the status of Trintech’s certification may query the certificate directory located at: https://www.schellman.com/certificate-directory
SSAE 18 SOC1 AND SOC2 REPORTS
The Service Organizational Control (SOC) framework is an attestation that Trintech meets the required standard regarding having controls in place to protect the confidentiality, integrity, and availability of our customers’ data in the cloud.
- SOC 1 focuses on the effectiveness of internal controls that affect the financial reports of customers.
- SOC 2 evaluates controls that are relevant to availability, integrity, security, confidentiality, or privacy.
Trintech is audited by a third party and has maintained its SSAE 18 SOC 1 Type 2 attestation. Trintech’s SOC 1 report covers the period October 1 (of the prior calendar year) to September 30 (current calendar year).
Trintech has also undertaken an annual SOC 2 Type 2 attestation, relevant to security, availability and confidentiality controls listed in the AICPA Trust Services Criteria (TSC). Trintech’s SOC 2 report covers the period October 1 (of the prior calendar year) to September 30 (current calendar year).
A Bridge Letter is provided monthly between audit periods so that the company is covered for the entire year.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge (CDC). The NIST publication for implementing HIPAA is part of NIST’s overall security framework and conducts its HIPAA audit annually.
Created by Shared Assessments, the SIG (Standardized Information Gathering Questionnaire) is a configurable tool that enables the scoping of diverse third-party risk assessments using a comprehensive set of questions used to assess third-party or vendor risk. Trintech updates its SIG quarterly.
The CAIQ (Consensus Assessment Initiative Questionnaire) is a downloadable spreadsheet of “yes” or “no” questions that correspond to the controls of the Cloud Security Alliance’s (CSA) Cloud Controls Matrix (CCM), a cybersecurity controls framework for cloud computing. Trintech’s CAIQ is updated quarterly.
The Cloud Security Alliance’s Security Trust Assurance and Risk (STAR) registry encompasses key principles of transparency, rigorous auditing, and cloud security and privacy best practices. https://cloudsecurityalliance.org/star/registry/trintech/services/trintech/
FFIEC (Federal Financial Institutions Examination Council) compliance is conformance to a set of standards for online banking issued in October 2005. We have fully integrated FFIEC-inspired controls into our annual audits.
- The FFIEC cloud compliance document for large enterprises is available here.
- The FFIEC cloud compliance document for mid-size organizations is available here.
It is of paramount importance to us that your data is always secure. We remain compliant with all security standards to ensure your data is protected, and that you can do business, worry-free.
Trintech Cloud Security – Frequently Asked Questions
This document addresses our customers’ most common security questions.
We are committed to protecting your privacy online and ensuring that you keep control of how your information is handled. We adhere to all applicable and up-to-date industry standards and legal requirements regarding privacy and data protection.
Data Protection Addendum
This Data Protection Addendum forms part of the agreement between Trintech and its customers regarding the processing of the customer’s personal data.