Data Security
At Trifacta, we understand that data security can’t be an afterthought. We’ve baked robust security protocols into the foundation of our products and our company culture so that as your organization scales its Trifacta usage, you can ensure your data will be protected.
Each year, Trifacta undergoes an independent SOC 2 (Type 2) review to prove the longevity of our security standards. Under an appropriate Non-Disclosure Agreement (NDA), Trifacta can share the audit report to demonstrate that Trifacta’s security program is managed effectively across our business’s divisions. Our security framework includes a rigorous set of management, operational, and physical security controls. We’ve designed our networks and access control policies such that only the minimum level of access is permitted to perform a required job.
We aim to be transparent in our data security policies, which is why we’ve outlined essential corporate-level security information below. However, we also understand that data security is often an on-going conversation and welcome the opportunity to answer any additional questions that you may have beyond the scope of this document.
Finally, we’ve created supplementary documents that describe how security is managed for our Google Cloud and AWS based SaaS solutions that you can access from the Trifacta security and trust center website. Trifacta products may also be implemented on your private cloud on Azure or AWS or even on your internal systems. In these cases, please reach out to a Trifacta team member to discuss your specific requirements.
SOC 2 Type II Compliant
Trifacta Security Program
Monitoring and Alerting
Trifacta continually monitors assets for suspicious activity. Any suspected threats will be mitigated and/or alerted to relevant teams, if necessary.
Incident Response
Trifacta’s incident response program ensures that Trifacta personnel are trained to respond effectively to any security incidents that affect Trifacta and its customers. The program’s mission is to prevent or greatly reduce the impact that any security incident may have by providing a swift incident response to any unexpected security event involving Trifacta infrastructure and customer data. Blocker and critical incidents are tracked to resolution with appropriate measures to contain, mitigate, and resolve the incidents following Trifacta’s change control process.
The Trifacta team reviews security incidents and identifies the need for system changes based on incident patterns and root causes. Additionally, although Trifacta has never had a security breach that has impacted any customer data, Trifacta performs a post-mortem and retrospective analysis on identified security threats to improve processes for an effective response to security incidents.
The incident response policies and procedures are continuously refined as part of all response activities, as well as through annual tabletop scenario testing.
Trifacta also carries cybersecurity liability insurance as part of its overall risk reduction strategy.
Data & System Access
Trifacta employees’ skills and competencies are evaluated as part of the onboarding process. Additionally, background checks are performed, where permissible
by law, on employees prior to granting access to the Trifacta SaaS Systems production environment. Trifacta personnel may not access customer data without
prior customer approval. Designated Trifacta support personnel are only granted limited access solely to the extent necessary to address a customer technical support issue and then only upon request.
Trifacta uses a centralized directory solution to manage authentication and authorization of users to internal systems. User access is disabled upon the employee’s termination.
Compliance
Trifacta is committed to maintaining compliance with applicable regulatory and established security industry standards. We undergo an annual, independent SOC 2 (Type 2) review, and the audit report can be provided by request under NDA to all existing and prospective customers.
The audit report complements the benefits of the comprehensive set of Amazon AWS and Google Cloud Platform compliance programs Trifacta SaaS products are built upon.
Trifacta complies with the General Data Protection Regulation (GDPR) requirements regarding its collection, use, and retention of Personal Information. In its potential role as data subprocessor, Trifacta adheres to the applicable principles of EU 94/95 privacy rules.
Vendors and Subprocessors
Trifacta follows a Vendor Management Policy to address requirements for onboarding new vendors, assessing risks, and monitoring vendors. Any request for new software and vendors requires approval from the security team. All vendors and subprocessors are subjected to regular risk assessment by Trifacta personnel.
Physical & Environmental Security
Because Trifacta SaaS products rely on Amazon AWS and Google Cloud, these cloud platform providers handle physical and environmental security entirely. Both AWS and Google Cloud provide an extensive list of compliance and regulatory assurances, including SOC 1/2-3, PCI-DSS and ISO27001. For more detailed information, consult the Amazon compliance, the Amazon security, Google Cloud compliance, and Google Cloud infrastructure security documentations.
Conclusion
Trifacta follows rigorous processes and controls to assure security, availability, processing integrity, confidentiality, and privacy of customer data. Taking steps to ensure our platform remains secure is vital to protecting our data as well as our customers’ information. This is our highest priority.
The Trifacta platform is built with ease of use, performance, reliability, and security at its core to protect your most valuable asset. Platform security white papers are available from the Trifacta security and trust center website, each describing how the product security is managed for our Google Cloud and AWS based SaaS solutions.
If you want to know more about Trifacta, reach out to [email protected].
If you need to report a security concern, email us at [email protected].