Trust & Security Center


Overview


Welcome to Treasure Data's Trust & Security Center.

At Treasure Data, Trust and Security are at the forefront of everything we do. Use this portal to learn about our security posture and request access to our security assurance documentation.

Prospective customers interested in learning more about our CDP should reach out to our Sales team. Existing customers interested in more information should reach out to their Customer Success Manager.

Audit & Compliance

2G3M
CCPA
CSA STAR
EU-US DPF
FISC
GDPR
HIPAA
ISO 27001
ISO 27017
ISO 27018
nFADP
Privacy Mark
SOC 2
SOC 3
ISO 27701

HIPAA Report
HIPAA Security Whitepaper
Network Diagrams
Pentest Report
Securing Customer Data Whitepaper
SOC 2 Type 2 Report
SOC 3 Type 2 Report
ISO 27001
Security Incident Response Planning & Testing
2G3M
CSA STAR
FISC
ISO 27017
ISO 27018
Privacy Mark
CAIQ
NIST
SIG Lite
VRMM TPRM
VSA Full
Cyber Insurance
BC/DR Planning & Testing
Acceptable Use Policy
Access Control Policy
Access Monitoring Policy
Asset Management Policy
Awareness & Training Policy
Backup Management Plan
Backup Policy
Business Continuity (BC) Policy
BYOD Policy
Data Classification & Handling Policy
Data Destruction & Record Retention Policy
Encryption Policy
HR Policies
ISMS Policy
Password Policy
Physical & Environmental Security
Risk Management Policy
Security Incident Response Policy
Software Development Lifecycle
Third-Party Risk Management Policy
Vulnerability Management & Remediation Policy

Product Security

Audit Logging
Data Security
Integrations

Reports & Docs

HIPAA Report
HIPAA Security Whitepaper
Network Diagrams

Self-Assessments

CAIQ
NIST
SIG Lite

Data Security

Backups Enabled
Data Erasure
Encryption At-Rest (e.g., Bring Your Own Key)

App Security

Code Analysis
Software Development Lifecycle
Vulnerability & Patch Management

Data Privacy

Data Breach Notifications
Employee Privacy Training
Privacy Officer

Access Control

Collected Data Access
Infrastructure Logging
Password Security

Business Continuity / Disaster Recovery

Amazon Web Services
Anti-DDoS

Endpoint Security

Disk Encryption
Endpoint Detection & Response
Mobile Device Management

Network Security

Firewall
IDS/IPS
SIEM

Corporate Security

Asset Management
Email Protection
Employee Training

Policies & Plans

Acceptable Use Policy
Access Control Policy
Access Monitoring Policy

Security Grades

SecurityScorecard
treasuredata.com: B grade
treasuredata.co.jp: A grade

Trust Center Updates

2023 ISO/IEC 27001 Certificate Now Available + Additional Compliance with ISO/IEC 27017 and 27018!

Compliance

Treasure Data has completed our annual ISO/IEC 27001:2013 audit and received our updated 2023 certificate. Additionally, to further bolster our compliance program and meet our customers’ expectations, we are excited to announce compliance with two additional ISO standards: ISO/IEC 27017:2015 and ISO/IEC 27018:2019! Customers can view and download the applicable certificates within the ISO 27001 card of our Trust and Security Center.


2023 SOC 2/3 Type 2 PLUS HIPAA External Audit Report Now Available!

Compliance

Treasure Data has completed the 2023 SOC 2/3 Type 2 PLUS HIPAA external audit covering controls within Treasure Data’s Enterprise Customer Data Platform (CDP) from January 1, 2023 to December 31, 2023. Our external auditor, A-LIGN, has informed us that no exceptions were identified. Customers can view and download Treasure Data’s most recent external audit report under the SOC 2 Type 2 Report and SOC 3 Type 2 Report card of our Trust and Security Center.


2023 Type 2 SOC 2 / SOC 3 PLUS HIPAA External Audit Fieldwork Completed

Compliance

Treasure Data has completed the 2023 Type 2 SOC 2 / SOC 3 PLUS HIPAA external audit fieldwork. Our external auditors, A-LIGN, have informed us that no exceptions were identified. To see the 2023 Type 2 SOC 2 / 3 Confirmation of Audit Opinion, visit the SOC 2 Type 2 Report card on our Trust and Security Center. We are on track to receive the final reports in early 2024 and will notify all stakeholders via Trust Center Updates once published.


Updated 2023 Policies Now Available!

General

Treasure Data has reviewed and updated all IT + Security (ITS) policies for 2023. Customers can view and download Treasure Data's latest ITS policies under the Policies & Plans card of our Trust and Security Center.


Curl and libcurl Vulnerabilities (CVE-2023-38545, CVE-2023-38546)

Vulnerabilities

Treasure Data is aware of CVE-2023-38545 and CVE-2023-38546, a heap buffer overflow in curl and libcurl between 7.69.0 and 8.3.0. These vulnerabilities affect curl/libcurl only in limited cases. This is because the vulnerabilities only exist when curl/libcurl is used through a SOCKS5 proxy with a specific set of configurations. These vulnerabilities were rated as high; however, few cloud workloads will meet the aforementioned preconditions and experts believe the risk of widespread exploitation is low. Exploiting these vulnerabilities requires local access to the system with sufficient access to create specific, named files. Upon learning of the CVEs, Treasure Data’s Security team investigated to determine if the CVEs were present within our network. Via the use of AWS Inspector, Treasure Data determined the CVEs were present within applicable production environments. At this time, Treasure Data has no evidence of any impact on the confidentiality, integrity, or availability of data stored in the Treasure Data CDP due to the aforementioned CVEs. Treasure Data has updated our base images used in production to address these CVEs. All production instances will be patched upon their next scheduled rotation, no later than 30 days. No action is required by Treasure Data customers.


2023 Security Incident Response Plan (SIRP) and Annual Test Results Now Available!

General

Treasure Data has reviewed and updated the SIRP, as well as conducted a corresponding tabletop exercise. Treasure Data’s annual SIRP tabletop exercise provides an opportunity to practice and prepare for security incidents in a controlled environment. It also allows the Treasure Data teams to test their plans, procedures, and coordination without the pressure of a real incident. Customers can obtain Treasure Data’s most recent SIRP and Test Results by clicking on the Security Incident Response Planning & Testing card in the “Reports” section of our Trust & Security Center.


2023 Penetration Testing Results Report Now Available!

General

Treasure Data is excited to announce the completion of our annual independent penetration testing for 2023. Treasure Data engaged a third-party penetration testing firm, NetSPI LLC., to conduct External Network, Web Application, and API testing of Treasure Data’s Customer Data Platform (CDP) in a production environment between August 8 - 25, 2023. Customers can obtain the Penetration Testing Results Report under the "Documents" section of our Trust and Security Center. This report includes Penetration Test Report Summaries by NetSPI and remediation plan/acceptance details by Treasure Data for high and medium vulnerabilities.


Securing Customer Data Whitepaper Now Available!

General

Treasure Data (TD) has published a new whitepaper on how customer data is secured and protected! This whitepaper dives deep into the administrative, technical, and physical safeguards TD has implemented to ensure the confidentiality, integrity, and availability of the CDP and customer data. Customers can obtain this Whitepaper under the "Reports" section of our Trust and Security Center.


2G3M Compliance

Compliance

Treasure Data (TD) is excited to announce that we have completed a mapping of internal security controls to the regulation that governs Japanese medical institutions on the use of third-party services, collectively known as “Two Guidelines from Three Ministries (2G3M).” As part of the mapping exercise, we have published (1) a dedicated Whitepaper and (2) a Controls Mapping document, both of which are available within our Trust & Security Center. The Controls Mapping document and Whitepaper will help our customers understand how our CDP supports compliance with 2G3M and provide peace of mind that your data is safe with us. For additional information, please reach out to the TD Sales team or your Customer Success Manager.


Updated Privacy Mark Certification now available!

Compliance

Treasure Data is pleased to announce that we have received our updated Privacy Mark Certification valid until February 2025. You can obtain a copy of the Certificate by clicking on the “Privacy Mark” card in the “Documents” section of our Trust & Security Center. This Certification is the validation of Treasure Data’s compliance with Japanese privacy legislation and our commitment to providing a safe and secure platform that our customers can continue to trust and rely on.


MOVEit Transfer (CVE-2023-34362)

Vulnerabilities

Treasure Data does not use MOVEit Transfer for FTP/SFTP services and is not impacted by the recent announcement of a zero-day vulnerability actively being exploited. Customers who use MOVEit Transfer should review available information and follow the recommended remediation activities provided by Progress (MOVEit service provider).

Refer to the following blog by Progress for more info: https://www.progress.com/security/moveit-transfer-and-moveit-cloud-vulnerability


Bridge Letters now available!

Compliance

Bridge Letters (aka Gap Letters) for our most recent SOC 2 Type 2, HIPAA report, and PrivacyMark certification are now available! You can obtain the letters by clicking on the applicable card in the “Documents” section. What are Bridge Letters? A Bridge Letter bridges the gap between the end date of the review period from the applicable audit report/certification and the date of the bridge letter. The letter is designed to identify and address any material changes in Treasure Data's internal control environment that have occurred during the “gap” period covered by the letter.


Welcome to TD's Trust & Security Center!

General

Treasure Data understands that prospective and existing customers need assurances over our security and privacy practices. In order to provide these assurances with speed and efficiency in mind, we’ve created the Treasure Data Trust & Security Center!

The Trust & Security Center's objective is to be a centralized self-service portal for all Security and Privacy information regarding Treasure Data’s CDP. The portal offers on-demand access to the most common artifacts typically requested via email, as well as supplemental artifacts to help ensure customers can perform due diligence.

Looking for more information? Prospective customers interested in learning more about our CDP should reach out to our Sales team. Existing customers interested in more information should reach out to their Customer Success Manager.


If you need help using this Trust Center, please contact our Cybersecurity Risk team.

If you think you may have discovered a vulnerability, please send us a note.
