Data Security

We take the security of your data seriously

Trust Trufijo’s enterprise-level security to keep your data secure and meet your compliance requirements.

Confidentiality and data security have been infused into Trufijo’s service platform since the company’s founding. We have developed a comprehensive security infrastructure to ensure that client information is held in strict confidence, supported by stringent protocols and practices.

When developing and documenting client processes, we work closely with each account to jointly determine which data and systems will be handled by the Trufijo team.

Trufijo’s data security infrastructure segments physical, electronic, and human security to provide a comprehensive set of safeguards for client data. This process has been developed in conjunction with industry experts and is continuously reviewed and refined.

Data Security and SOC 2 Compliance

At Trufijo, we recognize the importance of confidentiality and enterprise-level security to keep your data secure and meet your compliance requirements. We have infused a comprehensive security infrastructure into Trufijo’s service platform to ensure that client information is held in strict confidence, supported by stringent protocols and practices. 

Trufijo currently uses Drata to help automate the compliance journey, which will ultimately provide dashboard visibility for customers regarding compliance. We use Microsoft Intune/Defender for endpoint management and SumoLogic as our SIEM (security information and event management).

In December 2024, Trufijo achieved SOC 2 Type 1 compliance. SOC 2 is the main cybersecurity compliance framework (trust services criteria) developed to ensure that third-party service providers store and process client data in a secure manner.

We partnered with a professional third-party auditor, AssuranceLab, to audit systems against more than 80 requirements. The SOC 2 Type 2 compliance audit cycle is currently underway with expected completion by 2025.  

How we maintain our data security infrastructure

When developing and documenting client processes, we work closely with each account to jointly determine which data and systems will be handled by the Trufijo team. Trufijo’s data security infrastructure segments human, information, and physical security to provide a comprehensive set of safeguards for client data.

Human

Our human security systems include:

  • Background Checks: Trufijo conducts criminal, credit, and employment background checks on all employees.
  • Security Policy: Trufijo’s security policy (available upon request) includes process guidelines, ethical (“Chinese”) walls, and a process for escalating any security issues immediately. Trufijo reviews any incident immediately and reviews the policy as a whole on a quarterly basis.
  • Confidentiality Agreements: Each employee executes nondisclosure agreements directly with Trufijo.
  • Management: Trufijo managers are trained to monitor / coach teammates on proper security procedures.
  • Ongoing Training: Trufijo ensures each employee is sensitized to client security needs and trained in how to meet those needs. This includes phishing testing and training to provide real-world examples of how to identify threats.

Information

Our information security systems include:

  • Endpoint Management: Devices connected to Trufijo and client networks are kept up to date with security software and hardware, including tight controls on files and data. Devices are monitored to detect and respond to threats, including ransomware and malware.
  • Single Sign-On: Session and end-user authentication.
  • Password Management: Trufijo has a secure password management infrastructure that secures all logins. Access is based on single sign-on to each employee’s primary account.
  • Cloud Security: All core applications are industry-leading, cloud-based platforms based in US data centers with complete backup and redundancy.
  • IP Restrictions: Trufijo leverages IP login restrictions to limit access to known IP addresses.

Physical Offices

Our physical security systems include:

  • Security Cards: Our team has secure key cards / ID cards to access the buildings and/or specific office space.
  • Security Guards/Alarms: All international locations have security alarms and guards appropriate to their environments.
  • Video Monitoring: Video monitoring is in place to provide an additional layer of security.
  • Biometrics: To verify employee identities.

Note: Many employees do work from home on a regular or hybrid basis. Data integrity is maintained with multi-factor authentication on all applications as well as additional security measures.