
Getting Started


Setting up your program

TrustOps makes it effortless for you to set up a comprehensive and personalized compliance program. Initially, your setup process will create a SOC 2 program for you. After your onboarding is complete, you can add additional controls and policies to map to other compliance standards.

Throughout the onboarding process, you will have ‘Kira’, your onboarding assistant, helping you with every step.

Create your account

The first step to get started with using TrustCloud is to create an account.

Step by step guide to create your account:

  1. Where are you on your SOC 2 journey?
    1. We’d like to understand your goals so that we may best support you. You can choose from the following options:
      1. I am getting started with my SOC 2 journey
      2. I want to be SOC 2 compliant in 2-3 months
  2. Tell us who you are
    1. Set up login using SSO (it’s best practice to use SSO):
      1. Google
      2. Microsoft
      3. Okta (available for Growth, Scale, and Enterprise plans)
    2. Set up login by entering your email address
  3. Verify Your Email
    1. Prior to logging into TrustCloud, we will ask you to verify your email so we know you are a real person. TrustCloud will send you an email with a Verify Email action. Once you have verified your email, a new window will open up prompting you to log in and begin the onboarding process.

Onboarding

After you create your account, the next step is to complete your onboarding.

Step by step guide to start your onboarding:

  1. Select Your Role
    1. Help our team understand who you are so that we may best support you. You will be able to select from the following options:
      1. I am a technology leader
      2. I am responsible for compliance or security
      3. None of these apply to me, but I would still like to try TrustCloud
    2. Tell Me About Your Company
      1. Answer a few simple questions about your organization’s processes to help us set up a baseline for your program and start making progress towards your goals!
    3. Describe Your Tech Stack
      1. Cloud Infrastructure
        1. Cloud Providers are the vendors you use to store or process your data on the cloud.
      2. Select Cloud Services
        1. Cloud Services are the systems you use from your Cloud Providers
          1. Search and select vendors you use from our Catalog and add them to the ‘My Tech Stack’ section by clicking the (+) sign or dragging and dropping. Keep in mind that we have already preselected a few but you can always remove these.
          2. If you don’t see your system in our Catalog you can log a catalog request once your onboarding is complete by going to the Systems page and selecting Add Systems. Search for a system name and select the option I don’t see my system here.
      3. Describe Your Tech Stack (all other tools)
        1. Your Tech Stack is your company’s technological infrastructure or a combination of the tools, applications, and services you use to run your business.
          1. Search and select vendors you use from our Catalog and add them to the ‘My Tech Stack’ section by clicking the (+) sign or dragging and dropping. Keep in mind that we have already preselected a few but you can always remove these.
          2. If you don’t see your system in our Catalog then you can log a catalog request once your onboarding is complete by going to the Systems page and selecting Add Systems. Search for a system name and select the option I don’t see my system here.
    4. Create Your Scope
      1. Identify tools and services that store or process sensitive data. We have already selected some for you, but feel free to edit our selections or add to them. For more information, see the compliance launchpad section, which provides a scope definition section for each standard.
    5. TrustCloud Onboarding Complete!

Your first steps with TrustOps

In order to ensure you are set up for success we have created a few post-onboarding tasks to help you maximize your use of TrustCloud. Completing these tasks will not only strengthen your program, it will also save you time and help you win revenue faster!

Step by step guide on post-onboarding tasks:

  1. Review SOC 2 Scope
    1. Review my Cloud Services
      1. Review your systems and confirm that you are not missing any and that each of these has the appropriate data sensitivity classification associated with it.
      2. Data Sensitivity Classifications are defined by TrustOps in the following way:
        1. Customer Confidential: This includes systems with access to information that should be very secure such as Social Security information, credit card information, etc.
        2. Company Restricted: This includes systems that access sensitive information that is restricted to a specific group such as HR records or customer contact information.
        3. Company Confidential: This includes systems that access confidential data such as internal communication like Slack or Microsoft Teams.
        4. Public: This includes systems that access publicly-available information like a website or blog posts.
    2. See my Controls
      1. All controls you need to fulfil SOC 2 have already been adopted in your program. Run tests on failed controls so you can verify your policies. You can also assign controls to new owners and accelerate your compliance readiness. Check out Controls in FlightSchool for more information.
    3. View Policies
      1. We have auto-generated policies for you based on your compliance program. Take a look at the policies we’ve built for you and make sure that they align with the processes you’ve set up. If everything looks good then go ahead and approve these so you can start sharing them with your customers.
      2. If you are not ready to approve your policies yet or you are not the right person to approve these, you can assign Policy Owners and come back to this task later. Check Policies in FlightSchool for more information.
  2. Automate Your Program
    1. We want you to work smarter, not harder! In order to unlock automated tests you will need to set up integrations (you can do this on the Integrations page). If you do not set up any integrations you will only see Self-Assessments (manual tests) in your program.
  3. Enable Your Sales Team
    1. Preview TrustShare – the portal we’ve built based on your compliance program for you to proactively share information on your trust and security posture with your customers. Here’s what you can do to help your sales team win more deals:
      • Preview your TrustShare Page (this will take you to your TrustShare Admin Portal)
      • Customize your TrustShare page and add your logo
      • Add a Contact Email
      • Publish your TrustShare (you can’t invite external users until you have done this)
      • Start inviting users to view your TrustShare – it’s that easy!

Preparing for a Successful Audit

We’ve broken down everything you will need to do in order to successfully prepare for your audit in an 8 Week Program. When referring to tasks in Week 3 – Week 7 we are referring to tasks assigned to default Groups. Feel free to customize these Groups to your liking or make modifications to our 8 Week Program.

Week 1:

  • Get onboarded to the platform
  • Invite collaborators & assign Groups
  • Finalize the System Register
  • Set up integrations
  • Add branding & turn on notifications
  • Determine ownership of Tasks, Controls, Systems, and Policies

Week 2:

  • Control Adoption
  • Run automated tests & triage failing tests
  • Finalize assignment of Tasks, Controls, Systems, and Policies

Week 3:

  • Engineering tasks
  • DevOps tasks

Week 4:

  • Security & Compliance tasks

Week 5:

  • IT tasks

Week 6:

  • HR tasks
  • Legal tasks

Week 7:

  • Leadership tasks
  • Sales & Marketing tasks

Week 8:

  • Internal Assessment* (available as a Professional Service by TrustCloud)

*An Internal Assessment is a review of your compliance program prior to your external audit. It is recommended that you do this once you have collected 80% or more of evidence required for your controls. If you are interested in having one of our compliance experts perform an Internal Assessment on your program, email us at kira@trustcloud.ai or Contact Support from your TrustCloud program.
