Inventory

What is it?

An inventory is a specific list of data that is gathered to provide information about a certain part of your business. This inventory is then inspected by an automated test or by a human to determine if one or more controls are being satisfied by analyzing the results of the inventory.

Examples of inventories are — users, systems, security incidents, devices, servers, databases, logs, etc.

Inventory in TrustOps

On your Inventory page in TrustOps you can view all of the inventories you are currently tracking in other systems in one place. By setting up available inventory integrations, you not only have live insights into your important inventories, but you can also use these as evidence to meet control criteria.

Below is a list of all of the inventory types you can find on our Inventory page along with information on how to connect these inventories in TrustOps:

1. Alerts: List of alerts for log monitoring tools
   • Available integrations that pull alert inventories:
     • CloudWatch Logs
     • Datadog
     • Sumo Logic
2. Assets: List of all of your company’s assets  from your asset monitoring tools
   • Available integrations that pull asset inventories:
     • Jamf
     • Jumpcloud
     • Kolide
     • Duo
3. Access: List of all users with access roles
   • Available integrations:
     • Buildkite
4. Background Checks: List of all performed background checks
   • Available integrations:
     • Checkr
5. CI CD Projects: List of all CI/CD pipelines from your CI/CD tools.
   • Available integrations:
     • Buildkite
     • Circle CI
     • Travis CI
6. Data Stores: List of database stores from your DBMS systems
   • Available integrations:
     • RDS
7. Employees: List of employees from your HR systems
   • Available integrations:
     • BambooHR
     • Freshteam
     • TriNet
8. Job Listings: List of all job postings
   • Available integrations:
     • Greenhouse
9. Logs: Audit logs from your enterprise monitoring tool
   • Available integrations:
     • CloudWatch Logs
     • Sumo Logic
10. Monitoring: List of all monitoring metrics for log monitoring tools
    • Available integrations:
      • Datadog
11. Phishing Attempts: List of all of your Phishing Tests performed by your Security Training tool
    • Available integrations:
      • Knowbe4
12. Repositories: List of all your repositories from your VCS
    • Available integrations:
      • Bitbucket
13. Security Training Campaigns: List of all security training campaigns from your Security Training Tool
    • Available integrations:
      • Knowbe4
14. Security Training Subscriptions: List of account subscriptions for your Security Training Tool
    • Available integrations:
      • Knowbe4
15. Users: List of all of your users from your identity providers
    • Available integrations:
      • Google Auth
      • Azure AD
      • Okta AD
16. Vulnerability Scans: List of reports from vulnerability scanning tools
    • Available integrations:
      • Snyk 

Providing Inventory as Evidence

Once you have setup inventories in TrustOps, you can use these inventories to automate control verification. This saves your team time when collecting evidence for controls and ensures you are presenting live and accurate data to your auditor.

Step by step guide to provide inventory as evidence:

1. Find the relevant control you want to attach this inventory as evidence for. Select the control. Select the three ellipsis icon and select Add Evidence.
2. Select the Attach from Inventory option. Scroll or search for the inventory system you would like to use.

Select the + icon to bulk select everything on the report or choose specific parts of the report. Select Add Evidence.

Video: Quick overview of inventories and adding inventories as evidence