At ThirdPartyTrust we enforce strict https-only website access. Any non-secure requests are redirected and upgraded to use TLS communication. This ensures the integrity of the ThirdPartyTrust platform by using SSL authentication between the Customer and the ThirdPartyTrust web interface. The ThirdPartyTrust service must show a valid SSL certificate to each Customer to initiate this link. Perfect Forward Secrecy is also used on our web servers for HTTPS. In addition to the usual confidentiality and integrity properties of HTTPS, forward secrecy adds a new property. If an adversary is currently recording a users’ encrypted traffic, and they later crack or steal ThirdPartyTrust private keys, by using perfect forward secrecy they should not be able to use those keys to decrypt the recorded traffic at a point in the future.
All your data is encrypted when sent to ThirdPartyTrust over secure TCP connections using Transport Layer Security (TLS) version 1.2. For secure communication, users download a unique key to authenticate with the cloud service so that log data will only be accepted from trusted sources.
The ThirdPartyTrust cloud infrastructure is powered by Amazon Web Services. The service has been designed and managed in alignment with leading industry regulations, operating standards, and recognized best-practices including SSAE-16 SOC 1 (formerly SAS70), SOC 2, SOC 3, ISO 27001, PCI DSS Level 1, and other industry certifications and attestations. Because the ThirdPartyTrust application runs within and depends on our cloud infrastructure, data protection and security assurances are essential and provide the foundational elements for supporting industry compliance and robust policy controls. By having our application workloads in a secure, industry-certified environment, our infrastructure provides a higher level of security at scale, while providing worldwide service delivery and industry-leading reliability.
ThirdPartyTrust takes security vulnerabilities very seriously. If you have a security question, would like to discuss our data protection policies, or have identified a potential vulnerability, please contact us immediately via email at firstname.lastname@example.org or for general questions please email email@example.com. Any events that impact our production environment can be found at https://status.thirdpartytrust.com.