DORA, ISO, TÜV, GDPR, and Audit Documentation
We provide a searchable database of regularly updated compliance documents. Our documents are currently being reviewed by TÜV as part of the final certification process. You can find the database in the Issuer App under “Compliance Data Room”.
This allows issuers to forward the required infrastructure documentation to their authorities on request, with a full audit trail.
Incident Management
Security incidents are visible and managed on our status page, covering the following services:
Secret Management
Development and Staging secrets are managed via Doppler. Production secrets are managed via HashiCorp Vault, deployed in a hardened Docker container.
Contract Updates
Trusset cannot update global contracts (e.g. the Identity Register) as a single party. Global contract updates require multisignature approval from the TrussetDAO, consisting of all dedicated issuers in the Trusset ecosystem, and the Trusset Board.
Audit Policy
Once a year, we renew all security audits with a chosen third-party auditor based in the EU, and renew our ISO certification with TÜV.
App Updates
You can find our production app changelogs here. Updates undergo a strict, 3-step process that is defined internally and in our compliance documentation.