Product Security

This is our commitment to provide security across the ThirdPartyTrust platform.

Our Focus on Security

Data security is of paramount importance to us at ThirdPartyTrust. Our focus on security spans across every layer of the ThirdPartyTrust platform, and the service was designed from the ground up as a secure, highly available, and massively scalable multi-tenant vendor management and analytics platform. At ThirdPartyTrust we follow best practices in securely gathering and storing your data. Our founders and employees come from respected security companies in the industry. Our team is made up of security veterans with years of industry experience. Please see our Privacy Policy for further details.

Web Integrity
At ThirdPartyTrust we enforce strict HTTPS-only website access. Any non-secure requests are redirected and upgraded to use TLS communication. This ensures the integrity of the ThirdPartyTrust platform by using SSL authentication between the Customer and the ThirdPartyTrust web interface. The ThirdPartyTrust service must show a valid SSL certificate to each Customer to initiate this link. Perfect Forward Secrecy is also used on our web servers for HTTPS. In addition to the usual confidentiality and integrity properties of HTTPS, forward secrecy adds a new property: if an adversary is currently recording a user's encrypted traffic and later cracks or steals ThirdPartyTrust private keys, they should not be able to use those keys to decrypt the recorded traffic at a point in the future.
Sending Data
All your data is encrypted when sent to ThirdPartyTrust over secure TCP connections using Transport Layer Security (TLS) version 1.2. For secure communication, users download a unique key to authenticate with the cloud service so that log data will only be accepted from trusted sources.
The ThirdPartyTrust Cloud Infrastructure Data Protection & Security Assurance
The ThirdPartyTrust cloud infrastructure is powered by Amazon Web Services. The service has been designed and managed in alignment with leading industry regulations, operating standards, and recognized best practices, including SSAE-16 SOC 1 (formerly SAS70), SOC 2, SOC 3, ISO 27001, PCI DSS Level 1, and other industry certifications and attestations. Because the ThirdPartyTrust application runs within and depends on our cloud infrastructure, data protection and security assurances are essential and provide the foundational elements for supporting industry compliance and robust policy controls. By having our application workloads in a secure, industry-certified environment, our infrastructure provides a higher level of security at scale, while providing worldwide service delivery and industry-leading reliability.
Incident Response

ThirdPartyTrust takes security vulnerabilities very seriously. If you have a security question, would like to discuss our data protection policies, or have identified a potential vulnerability, please contact us immediately via email at bug@bitsight.com. For general questions, please email info@thirdpartytrust.com. Any events that impact our production environment can be found at https://status.thirdpartytrust.com.
