TrustCloud Product Updates: May 2024

Tejas Ranade

31 May 2024

This month we have something big: Our new Third Party Risk Assessment app, TPRA. And it’s now available to current customers!

Observable third-party risk assessments 

Vendor assessments are a huge part of any GRC program, so it only makes sense to handle them in the same platform that handles your compliance, security questionnaires, and trust portal. TPRA will help you assess vendors and request observable assurance and compliance data. Here’s what sets TPRA apart.

Integrate seamlessly into your GRC program

Other solutions leave vendor assessments siloed from your other GRC workflows. TPRA is part of your Semantic Graph, which connects to your common control framework and provides real-time insight into compliance and risk status.

Measure business impact

No more spreadsheets or bare minimum check-the-box. TPRA will quantitatively measure how a vendor could affect your business and enable you to manage your vendors across multiple risk tiers.

Make accurate, evidence-based decisions

TPRA is connected to your controls and broader semantic graph, so as you evaluate vendor controls and evidence against your own control set, you’ll know you’ve always got the latest, freshest information on your program. 

Eliminate manual work with AI-driven workflows

Built-in GraphAI handles project management and manual tasks.This provides a single pane of glass to view all your vendors, their current status, pending assessments, and assessments that are due. Reading and assessing vendor documents? Coming soon, our GraphAI will parse and provide you assessment summaries, saving you many months of work.

Joyfully crafted to get you started fast

For most companies, standing up a third party risk program takes months, even with tooling. TrustCloud’s third party assessment capability is designed to get you started quickly in days, not months. 

Easy to use across the board

Like all TrustCloud apps, TPRA is approachable, usable, and quickly valuable. 

Contact your rep if you’d like to add TPRA to your TrustCloud platform.


TrustCloud meets the highest standards in AI governance. On our TrustShare page, you will notice our controls and policies mapped to ISO 42001 and NIST RMF, the latest AI compliance frameworks. In keeping with our mission of delivering assurance and helping customers build trust, we are committed to meet the same high standard in our use of AI.

We also support both these frameworks for our customers, and our customers like Lexpipe,, and Cognerium WealthGrowth are at the forefront of responsible AI governance. 

Webinar coming June 20! Join TrustCloud and Schellman for our webinar, “A Guide to ISO 42001 and NIST AI RMF.” We’ll provide expert insights and practical strategies to build robust AI governance frameworks, stay compliant, and mitigate risks. Register here!  


Customizable data classifications. Use TrustCloud without modifying your internal policies—you can now customize your systems per your own policies and data labels! This means you no longer need to maintain an offline translation table between your terminology and TrustCloud terminology.

TrustCloud edit data classification labels

New SOC-2 checklist! Need some clarity on what kind of evidence you need to upload for SOC-2? We’ve got a new checklist in TrustCommunity that provides a single view of all SOC-2 evidence requirements so you can organize your evidence and break it down into phases. You’ll also get clear instructions on what action items must be completed for controls to pass.


TrustCloud SOC 2 controls checklist

Check it out here! 

New inventory pages to view different types of data inventories for a system. Now you can easily identify a system or data source and view all the connected datasets via an updated inventories page. 

Run external test workloads. Now you can run external tests and only push results into the control. This enables you to keep your data and inventory on your own structure while getting a window into your data from TrustCloud.


TrustCloud external test details compliance automation


Programmatic risk assessment improvements. Now you can auto distribute weights across controls; view effectiveness and weights directly on the controls table; and get step-by-step guidance on required data fields. Collectively, these enhancements will reduce your onboarding and risk reassessment time frame.


New notifications and emails. Every time an assessment date is past due or a user adds new controls, makes changes to a risk, or updates owners, you’ll receive additional reminders and notifications. 

TrustRegister notifications

Improved search functionality. The search bar on the risk register page can extract information from a specific risk’s impact and assessment sections. Now you can search by impact and easily prioritize your mitigation efforts.

COMING SOON: Changes to RBAC system. The Role Based Access Control system will see updates to role settings at the end of July. Expect changes to access permissions!


👀You can see every update we’ve ever made! Check out our changelogs for the full list of releases.