Trust Center

Trust begins with transparency. Our global team of dedicated security experts protects your data 24/7, 365 days a year.

Compliance

Every year Trintech is rigorously audited by independent third-party companies (auditors) to prove that we comply with various global and regional standards.

ISO/IEC 27001:2022

The ISO/IEC 27001 certification specifies security management best practices and controls based on the ISO/IEC 27002 best practice guide.

IT ensures that our ISMS, Information Security Management System, is fine-tuned to stay current with changes to security threats, essential in the fast-paced world of IT security.

Re-certification is obtained by audit every three years, inclusive of an annual surveillance audit order to prove that Trintech:

  1. Has designed and implemented a comprehensive Information Security Management System (ISMS).
  2. Has adopted a continuous risk management process to ensure that the appropriate information security controls are in place to meet an evolving threat landscape and risks.
  3. Systematically evaluates information security risks appropriately, considering several factors, including the impact of company threats and vulnerabilities.

Trintech has been an ISO/IEC 27001 certified organization since 2021 and the certificate is available here.

Any third party wishing to independently verify the status of Trintech’s certification may query the certificate directory located at: https://www.schellman.com/certificate-directory

SSAE 18 SOC1 AND SOC2 REPORTS

The Service Organizational Control (SOC) framework is an attestation that Trintech meets the required standard regarding having controls in place to protect the confidentiality, integrity, and availability of our customers’ data in the cloud.

  • SOC 1 focuses on the effectiveness of internal controls that affect the financial reports of customers
  • SOC 2 evaluates controls that are relevant to availability, integrity, security, confidentiality, or privacy.

Trintech is audited by a third party and has maintained its SSAE 18 SOC 1 Type 2 attestation.

Trintech’s SOC 1 reports cover the following period:

October 1 (of the prior calendar year) to September 30 (current calendar year).

April 1 (of the prior calendar year) to March 31 (current calendar year).

July 1 (of the prior calendar year) to June 30 (current calendar year)

Trintech has also undertaken an annual SOC 2 Type 2 attestation, relevant to security, availability and confidentiality controls listed in the AICPA Trust Services Criteria (TSC). Trintech’s SOC 2 report covers the period October 1 (of the prior calendar year) to September 30 (current calendar year).

A Bridge Letter is provided monthly between audit periods so that the company is covered for the entire year.

TX-RAMP

Trintech has secured the certification known as TX-RAMP. The Texas Risk and Authorization Management Program (TX-RAMP) is a DIR program that provides review of security measures taken by cloud products and services that transmit data to Texas state agencies.

  • TX-RAMP Level 2 Certification – Cadency
  • TX-RAMP Level 2 Certification – ReconNet

SIG QUESTIONNAIRE

Created by shared assessments, The SIG (Standardized Information Gathering Questionnaire), is a configurable tool to enable the scoping of diverse third-party risk assessments using a comprehensive set of questions used to assess third party or vendor risk. Trintech updates it’s SIG quarterly.

CAIQ

The CAIQ (Consensus Assessment Initiative Questionnaire) is a downloadable spreadsheet of “yes” or “no” questions that correspond to the controls of the Cloud Security Alliance’s (CSA) Cloud Controls Matrix (CCM), a cybersecurity controls framework for cloud computing. Trintech’s CAIQ is updated quarterly.

The Cloud Security Alliance’s Security Trust Assurance and Risk (STAR) registry encompasses key principles of transparency, rigorous auditing, and cloud security and privacy best practices. https://cloudsecurityalliance.org/star/registry/trintech/services/trintech/

The CSA STAR Certification, attained after completing the STAR Level 2 – Third Party Attestation, confirms our compliance with ISO/IEC 27001 standards and the CSA’s Cloud Controls Matrix (CCM). This achievement also includes a comprehensive evaluation of our capabilities using the STAR Capability Maturity Model, highlighting our strengths in managing critical aspects of cloud security.

Participation in the CSA STAR program not only validates our best practices but also enhances our cloud security assurance. It includes rigorous assessments based on the CSA CCM, a comprehensive cybersecurity control framework that guides our implementation of 197 control objectives across 17 domains of cloud technology.

FFIEC

FFIEC, Federal Financial Institutions Examination Council, compliance is conformance to a set of standards for online banking issued in October 2005. We have fully integrated FFIEC inspired controls into our annual audits.

  • The FFIEC cloud compliance document for both mid-size and large enterprises is available here.

Security

It is of paramount importance to us that your data is always secure. We remain compliant with all security standards to ensure your data is protected, and that you can do business, worry-free.

Trintech Cloud Security – Frequently Asked Questions
This document addresses our customers’ most common security questions.

Privacy

We are committed to protecting your privacy online and ensuring that you keep control of how your information is handled. We adhere to all applicable and up to date industry standards and legal requirements regarding privacy and data protection.

The following Online Privacy Policy (incl. Privacy Shield Policy) and Data Protection Addendum demonstrate such a commitment and outline our information privacy practices and standards:

Online Privacy Policy
This Online Privacy Policy describes how we may collect, use, protect and share the information you provide us by visiting our website or communicating with us.

Data Protection Addendum
This Data Protection Addendum forms part of the agreement between Trintech and its customers regarding the processing of the customer’s personal data.