TrustCloud adds new tools to automate GRC frameworks

Enterprise compliance and trust assurance provider TrustCloud has added a suite of new capabilities to improve governance, risk, and compatibility (GRC) frameworks for organizations.

New capabilities include AI-powered custom frameworks, new evidence-collection integrations, and an expanded API.

"There are many compliance platforms that offer automation to save time on audit preparation, but only TrustCloud leverages AI to create systems that adapt to our customers' needs, so they are more supported throughout their audit journey and in other GRC processes," said Tejas Ranade, chief product officer at TrustCloud.

While the new API and integrations are already available to TrustCloud's existing and new customers through the platform at no added price, custom frameworks may attract additional charges depending on the framework requirements.

AI will automate policy mapping

TrustCloud's new AI-powered Custom Frameworks will allow organizations to create custom compliance frameworks tailored to specific requirements. This is achieved through TrustCloud's proprietary AI engine, which recommends new controls and policies and maps existing ones to new frameworks.

"AI creates additional time saving for customers by intelligently mapping current frameworks to new ones and determining what fresh policies and controls are required," Ranade said. "Without this feature, clients would have to spend hours manually creating frameworks and determining which policies, controls, and tests are required to set them up."

TrustCloud's Custom Frameworks is a useful application of AI to assist teams in efficiently setting policies and following frameworks for more effective risk management and compliance, according to Melinda Marks, an analyst at ESG Global.

"Over the years, we've seen increasing automation and usage of wizard-like templates and/or questionnaires to aid with compliance to make things easier and reduce errors," Marks said. "It's important to minimize manual, tedious work. So, AI is a more powerful approach to reduce the amount of time requiring human analysis to keep up with the needed requirements and the work to set the appropriate policies."

Integrations through new APIs enrich policy data

TrustCloud said its new API will enable customers to sync their compliance program to more than 100 leading software systems, including Snyk, DataDog, and Jira, to power evidence collection and continuous control testing.

"Evidence collection refers to the process of collecting proof that a company is meeting the requirements of a particular framework, and is usually a manual process," Ranade said. "The new API allows customers to directly connect their systems (such as their cloud provider, device management software, and other software) directly to the TrustCloud platform."

The platform can then automatically pull on the required information and keep it up to date, to test security and report to auditors. "The APIs and integrations are important to pull in more data from existing tools that customers are using," Marks said. "This helps customers better leverage their existing tools, utilizing the data for recommendations for controls and policies to manage risk with prevention and hardening, while also providing data for compliance evidence."