Compliance Center
TRM Labs is dedicated to earning and maintaining customer trust through world-class security and privacy practices. Our organization and infrastructure are certified to SOC 2, ISO 27001, ISO 27701, and UK Cyber Essentials Plus standards. Our platform is also available in a FedRAMP® High compliant cloud environment — demonstrating our unwavering commitment to protecting data and safeguarding our customers.
Security and Compliance
TRM maintains a best-in-class security program and has completed and passed its SOC 2 Type II audit and will continue to build out its security infrastructure using the ISO 27001 framework, following GDPR principles. Our SOC 2 Type II audit report is available on request.
TRM data is stored in redundant, geographically dispersed data centers. Our data centers are SOC 2 Type II and ISO 27001 certified, and managed under a TRM vendor management program.
In addition to our extensive internal scanning and testing program, TRM employs third-party security experts each year to perform a broad penetration test across the TRM Production and Corporate Networks. Executive summaries of test results are available upon request.
As part of the third-party vendor management process, management periodically reviews the performance of vendor entities by verifying that they maintain their relevant certifications (e.g., SOC 1, SOC 2, ISO 27001:2013, PCI-DSS, etc.) by reviewing security and privacy control documentation captured in SOC 1 reports, SOC 2 reports, or other system and organizational documents, to validate the design and operating effectiveness of vendor controls.
For full details on our security program please visit our Drata Trust Center.
FedRAMP® High Authorization
Investigate with confidence. Deliver mission impact.
ISO 27001
ISO 27001 is the leading global standard for information security, proving an organization has a robust, risk-based framework to protect sensitive data and maintain trust.
ISO 27701
ISO 27701 is the international standard for privacy information management, extending ISO 27001 to demonstrate strong controls for protecting personal data and meeting global privacy regulations.
SOC 2 Type II
SOC 2 is a widely recognized audit standard that demonstrates strong controls for security, availability, and confidentiality, building trust with customers and partners.
.svg){kind=icon}
UK Cyber Essentials Plus
Cyber Essentials Plus is a UK government-backed certification that independently verifies an organization’s cyber defenses, proving protection against common threats and reinforcing customer trust.
GDPR
GDPR is the European Union’s data protection regulation that enforces strict requirements for how personal data is collected, processed, and stored, ensuring privacy and strengthening individual rights.
System Status & Reliability
Our system status page gives you real-time updates on the availability and performance of our services.
Modern Slavery Act Statement
The Modern Slavery act is legislation designed to combat forced labor, servitude, and human trafficking. Learn about TRM's policies and zero-tolerance approach to modern slavery and human trafficking.
Contact Our Security and Legal Team
We understand the challenges and responsibilities that come with securing your organization’s data. Whether you have questions, need guidance, we’re here to assist. Please fill out the form below and our team will be in touch promptly.
