Security Governance

What system functionality will be in place, to enable customer's staff to manage access to the customer's system and data, including, what controls are in place, to ensure that privileged access rights can be restricted and controlled?

In line with Trint’s ISO 27001:2022 certification, client data is not accessed by Trint staff without prior written client consent or documented approval from the CISO. Clients can manage user access within the Trint platform and may also choose to enable SSO authentication.

Have all information security responsibilities within your organisation, been defined and allocated, including maintaining appropriate contacts with relevant authorities and groups, ensuring that Information security is addressed in project management and ensuring that conflicting duties and areas of responsibility are segregated?

Yes, all information security responsibilities have been defined and allocated, including maintaining appropriate contacts with relevant authorities and groups, preventing conflicting duties and ensuring areas of responsibility are segregated.

How often are Information Security Policies reviewed and updated?

All information security policies are continously reviewed and updated. However, we ensure a deep review is completed annually, which is then assessed by an external auditor.

Does your organisation have an Information Security Policy in place? How often is it reviewed and when did the last review take place?

Yes. All policies within the ISMS are reviewed annually throughout the year, and is covered by the annual audit.