Getting Started

Setting up your program

TrustOps makes it effortless to set up a comprehensive and personalized compliance program. Initially, the setup process will create a SOC 2 program for you. Once the onboarding is complete, you can add additional controls and policies to map to other compliance standards.

Throughout the onboarding process, onboarding assistant “Kira”, will help you with every step.

Video – A step-by-step guide for TrustOps onboarding

Creating your account

The first step to getting started with TrustCloud is to create an account.

A step-by step guide to creating an account:

To create a new account, answer a few questions so TrustCloud can best support you:

1. How soon do you want to be SOC 2 compliant?
   1. I will need it in the next 2-3 months.
   2. I need it this year, but I am not in a rush.
   3. I’m exploring, not sure when I’ll need it yet.
      
2. Tell TrustCloud about you.
   1. Set up login using SSO (it’s best practice to use SSO) with:
      1.  Google
      2. Microsoft
      3. Okta (available for Growth, Scale, and Enterprise plans)
   2. Log-in by entering your email address
3. Verify Your Email.
   1. TrustCloud sends you an email with a “Verify Email” action before logging in. Once you have verified your email, a new window will prompt you to log in and begin the onboarding process.

TrustOps Onboarding

After you create an account, the next step is to complete your onboarding.

Step-by-step guide to start your onboarding:

1. Depending on when you want to go for your SOC 2 audit, here is how your SOC 2 week-wise preparation look like:
   1. Click on “Begin Onboarding” button. If you want, you can change your timeline from this page as well.
      
2. Help us understand what is your role in your company to provide the best support for you. You can select from the options shown in the screenshot:
   1. Click on the “Proceed” button.

      

3. Tell us if you are interested in any of the other compliance standards apart from SOC 2. You can select for the other standards as shown in the following screenshot.
   1. If your are interested in other standards, select whichever you wish to persue.
   2. Click on the “Proceed” button.
      
4. Here is your guide “Kira” to assist your onboarding.
   1. Click on the “Proceed” button.
      
5. Onboarding is a 3-step process. Tell us about your company, describe your TechStack and creating your SOC 2 scope.
   The following screenshot shows what you can expect during the onboarding process.
   
6. Tell us about your organization
   Answer a few simple questions about your organization’s processes to help us set a baseline for your program and start making progress towards your goals!

Getting Started: 3 – Steps Guide

1. Step 1 – About your organization
   
   1. Click on “Start Answering” button.
   2. Provide details like Company website, company description, service or product name, description or service or product you provide. Answer a few questions.
   3. Click on the “Your Tech Stack” button.
2. Step 2 – Describe Your Tech Stack
   Cloud Infrastructure
   1. Select cloud providers you use to store or process your data in the cloud.
   2. Click on “Select Cloud Infrastructure Services” button.
      
   3. Select Cloud Services
   4. Click on the “Select Tools” button.
      
      1. Search and select vendors you use from our Catalog and add them to the ‘My Tech Stack’ section by clicking on the service or dragging and dropping. There are a few preselected vendors; you can always remove them. Once you finish adding all the services, click on “I’ve selected my Cloud Services” button.
         
      2. If you don’t see your system in our catalog, you can log a catalog request once your onboarding is complete by going to the Systems page and selecting Add Systems. Search for a system name and select the option I don’t see my system here.

3. Step 3 – Create your SOC 2 Scope

1. Identify tools and services that store or process sensitive data. There are few preselected tools; you can always remove them and add more. For more information on this, check out the compliance launchpad section, in which a section for scope definition for each standard is provided.
2. Click on “Final Onboarding” button.

TrustCloud Onboarding Complete!

1. Click on “See Your TrustCloud” button to get more information about your program.
2. Click on “Begin my SOC 2 Prep” button.

Your first steps with TrustOps for SOC 2 preparation

In order to ensure you are set up for success, TrustCloud has created a few post-onboarding tasks maximizing the use of TrustCloud. Completing these tasks will strengthen your program, faster!

Step-by-step guide on post-onboarding tasks:

1. Automate Your Program
   1. In order to unlock automated tests, you need to set up integrations (you can do this on the Integrations page). You can also view list of evidence, policies and integration. If you do not set up any integrations, you will only see Self-Assessments (manual tests) in your program.
      1. Click on “Configure Automation” button.
         The following screenshot shows “Automate your program” page.
         
2. Review SOC 2 Scope:
   1. Click on “Review Scope” button.
   2. Review your systems and confirm that you are not missing any and that each of them has the appropriate data sensitivity classification associated with it.
   3. All the controls you need to fulfill SOC 2 are already adopted in your program. Run tests on failed controls so you can verify your policies. You can also assign controls to new owners and accelerate your compliance readiness. Check out Controls page for more information.
      1. TrustCloud has auto-generated policies for you based on your compliance program. Take a look at the policies to make sure that they align with your processes. If they are okay, then go ahead and approve them to start sharing them with your customers. If you are not ready to approve your policies yet or you are not the right person to approve them, you can assign Policy Owners and come back to this task later. Check out the Policies page for more information.
         
3. Enable Your Sales Team:
   1. Click on “View My TrustShare” to preview TrustShare portal that is built based on your compliance program to proactively share information on your trust and security posture with your customers.
      You can view certifications, policies, document related to your program. You can view more details in respective tabs.
      The following screenshot shows the TrustShare page.
   2. Here’s what you can do to help your sales team win more deals:
      1. Preview your TrustShare Page (this takes you to your TrustShare Admin Portal)
      2. Customize your TrustShare page and add your logo
      3. Add a Contact Email
      4. Publish your TrustShare (you can’t invite external users until you have done this)
      5. Start inviting users to view your TrustShare.

Preparing for a Successful Audit

TrustCloud has broken down everything you need to prepare for your audit into an 8 weeks program. When referring to tasks from Week 3 to Week 7, it refers to tasks assigned to default Groups. Feel free to customize these Groups to your requirements for our 8 weeks program.

Week 1:

• Get onboarded to the platform
• Invite collaborators and assign Groups
• Finalize the System Register
• Set up integrations
• Add branding and turn on notifications
• Determine ownership of Tasks, Controls, Systems, and Policies

Week 2:

• Control Adoption
• Run automated tests & triage failing tests
• Finalize assignment of Tasks, Controls, Systems, and Policies

Week 3:

• Engineering tasks
• DevOps tasks

Week 4:

• Security and Compliance tasks

Week 5:

• IT tasks

Week 6:

• HR tasks
• Legal tasks

Week 7:

• Leadership tasks
• Sales & Marketing tasks

Week 8:

• Internal Assessment* (available as a Professional Service by TrustCloud)

*An Internal Assessment is a review of your compliance program prior to your external audit. It is recommended that you do this once you have collected 80% or more of the evidence required for your controls. If you are interested in having one of our compliance experts perform an Internal Assessment for your program, email us at [email protected] or Contact Support from your TrustCloud program.