
Application Privacy & Security Certifications and Compliance

Uri Hershkovitz

Introduction

Privacy and security certifications are benchmarks that organizations pursue to demonstrate that they protect sensitive information and maintain robust security controls. A certification (or, for SOC 2, an attestation report) validates that an organization's practices have been assessed against an established framework or regulation designed to safeguard data and prevent unauthorized access.

While there are many different standards, each with its own requirements and proof-of-eligibility process, several common standards are pursued by most organizations.

Available for customers on the Enterprise plan

What data can Torii provide me?

Torii provides information on the following standards:

  • SOC 2
  • GDPR
  • ISO 27001

For each discovered application in your tenant, Torii provides the following information for each of the standards listed above:

  • Whether or not Torii found evidence that the application holds the relevant certification or other evidence of eligibility for the standard. Note that the three standards differ in kind: ISO 27001 is a formal certification, SOC 2 is an auditor's attestation report (Type I or Type II) rather than a certificate, and GDPR is a regulation with no single certification, so "evidence of eligibility" may be a statement of compliance rather than a certificate.
  • If evidence was found, a reference to the source from which the information was taken. Treat a positive result as a pointer to evidence you should review (for example, by requesting the vendor's current SOC 2 report), not as a substitute for your own verification.

Please note: this information is currently only available to Torii customers on the Enterprise plan.

 

Where can I see this information?

The compliance data can be found in several areas in Torii:

  1. On each app's page, compliance information appears in the app widget under the category "Certifications & Compliance".
    Standards shown greyed out are those for which Torii did not find evidence that the app meets the standard. Each standard that is not greyed out can be clicked to view the source Torii used to determine the app's eligibility for that standard.

  2. Compliance data is also available in new columns in the Applications table. Each standard has two fields: one indicating whether the standard is met, and one providing the reference for that determination.
    Additionally, a combined "Certifications & Compliance" field has been added, allowing you to view all certifications in one field or to create filters based on compliance data.
    For your convenience, a new shared view named "Compliance" has been added, which allows for easy scanning of compliance certifications across applications.

  3. A new Application Certifications & Compliance report has been added to the Reports page.

  4. Compliance fields can also be used in the App Meets Criteria workflow trigger, both as a trigger condition and as a personalization token.

  5. You can view all Compliance-related application fields Torii provides under Settings -> Applications Details -> Certifications & Compliance.

 

What can I use this data for?

Centralized compliance data enhances SaaS governance by simplifying audits, increasing transparency, and bolstering risk management across your software portfolio.

Here are some examples of how to use this information to maximize your benefit from it:

  • Audit Preparation: identify which applications in your portfolio lack evidence of compliance with standards such as SOC 2, assisting in readiness for audits. Keep in mind that a vendor's certification covers the vendor's own controls; it does not by itself satisfy your organization's control requirements for how you use the application.
  • Geographical Expansion: ensure applications are GDPR compliant when expanding operations into Europe, aligning with local data protection laws.
  • Shadow IT Management: check the compliance status of unauthorized or unofficially adopted applications (Shadow IT), reducing risk from unsanctioned software.
  • Customized Compliance Views: tailor visibility of compliance certifications to specific needs, providing flexibility in monitoring and enforcement at different organizational levels, such as by user, team, or application.
  • Managing Software Requests: use compliance certification data to determine whether a newly requested app meets your organization's standards and can be approved.


Some best practices for getting the most out of this data:

  • Regularly visit the "Compliance" view on the Applications page, or create a personalized view with compliance information, and export it to SecOps or other relevant stakeholders on a regular schedule or prior to significant events such as global expansion or yearly audits.
  • Create workflows for newly discovered apps that alert the relevant people about apps which could pose a risk because they do not meet privacy and security standards.
