Elevate your field service operations with an enterprise-grade platform
Keep pace with your security and compliance standards
Large-scale enterprises have clear policies and strict guidelines on IT and how it’s used within the organization.
Broaden your field capabilities with a solution that does the job without sacrificing security or compliance.
Rules exist to ensure data security, maintain regulatory compliance, and prevent the incidence of shadow IT that can expose the business to significant risk. Highly regulated operations must meet even higher standards before any new technology can be integrated into their infrastructure.
As a result, however, field leaders often encounter roadblocks in adding software that may be critical to the work they do, complicating an otherwise simple extension.
In step with your compliance requirements
Enterprises often deal with sensitive customer data with specific policies set by industry regulators. TrueContext maintains compliance with these frameworks on an ongoing basis so customers can integrate our solution into their IT systems with confidence.
TrueContext is third-party-verified for the HIPAA Security Rule and HITECH Act to ensure all electronic health information is protected.
SOC 2 Type II
Internal controls for security, confidentiality, and availability of customer data within the platform are regularly evaluated and certified.
A Title 21 CFR Part 11 seal guarantees the validity, security, and audit visibility of electronic records and electronic signatures.
Getting security right is important to TrueContext, so we are constantly striving to maintain and improve our security program. TrueContext subscribes to news and updates from industry leaders in security and vulnerability management, which equips us to stay ahead of any risks. Don’t just take our word for it: we take on regular audits to verify our security and privacy practices and operations.
Auditor attestations available upon request.
A platform that values data as much as you do
Over 99.9% system availability
Data-on-demand is the cornerstone of a modern, digital-first organization. Interruptions of any kind or duration can create blind spots in decision-making and other critical business functions. TrueContext maintains over 99.9% data availability by using safeguards that detect and address system performance issues, with a team of on-call support staff ready to respond to and resolve incidents. Incident response and disaster recovery plans are routinely rehearsed and evaluated to stay ahead of the ever-evolving security landscape.
Our solution uses TLS 1.2 encryption for data in transit and AES 256 at rest to ensure that customer data is always protected. TrueContext developers receive regular training in secure coding practices, and all code is rigorously examined for vulnerabilities prior to each release. Third-party penetration testing and resolution is also a crucial part of the development process, resulting in an app with bulletproof security.
Easy to deploy, even easier to manage
Integrate TrueContext with optimized native performance no matter what platform your teams are on. The app works with iOS, macOS, Android, and Windows mobile devices and can be managed easily through existing MDM solutions or directly through your app stores.
Technology-driven security standards can only go so far if the underlying procedures are not up to the task. How customer data is handled is an equally important part of the equation and our processes support this.
Data and access management
Data can be stored on TrueContext servers or a preferred destination. The platform is also compatible with many identity management protocols (EMM, SSO, etc.). Our platform also allows you to set password complexity policies for your users. Passwords are hashed and salted so no one can gain unauthorized access.
Internally, TrueContext staff must pass a background check and complete monthly security training. The principle of least privilege applies to the entire organization – only those who need it have access to sensitive systems and data. These systems are carefully monitored to keep our customers’ data secure.
Your window into the field, integrated directly with your current systems
Its integration with our CRM tools in our offices makes it very easy to keep track of all details of our customers. On data security, this tool prevents other unauthorised parties from accessing our sensitive data through data encryption.
This tool is highly secure and easy to scale. I like how this tool meets compliance requirements by reducing compliance risks/incidence.
We can smoothly import and export data thanks to the integrations with software like Salesforce and Dropbox.
Frequently Asked Questions
How does TrueContext keep my data secure?
TrueContext takes the security of your data very seriously. Your information is encrypted in our systems—at rest and in-transit—at all times. Our systems are tightly controlled through comprehensive security policies and multi-layered access control systems. TrueContext critical systems are secured using an enterprise-grade corporate identity management system, including the use of multi-factor authentication and robust password policies. We conduct ongoing compliance audits, penetration testing, and automated security scans. We offer 24/7 service operations and employ dedicated incident management teams.
How is my data secured on hosted systems in the cloud?
All customer data is encrypted with the AES-256 cipher in our cloud hosted systems. We encrypt all data over HTTPS using TLS when in-transit to and from our cloud-hosted systems to customers’ apps.
Is my data also secured on iOS and Android mobile devices?
Yes. Your data is encrypted within the TrueContext app on iOS and Android as long as a passcode is enforced.
Can I access TrueContext via single sign-on (SSO)?
Yes. TrueContext supports SSO for both mobile app and web portal access.
Has TrueContext achieved SOC 2 compliance?
Yes. We have attained SOC 2 Type I and Type II compliance. Our SOC 3 report is available upon request; please use the form at the bottom of this page. A detailed report is available under our non-disclosure agreement.
What’s the difference between SOC 2 Type II and other compliance certifications (such as ISO)?
SOC 2 Type II is a comprehensive assessment for an ongoing period of time. ISO, and similar certifications, are assessments at a specific point in time. SOC 2 Type II compliance enables us to demonstrate an ongoing commitment to internal control environment, policies, and procedures.
Is TrueContext HIPAA Security Rule and HITECH Act compliant?
Yes. A certified third party has verified that our controls have been evaluated against the HIPAA Security Rule and HITECH Act. It is your responsibility to ensure you have an adequate compliance program, internal processes, and that your use of TrueContext services aligns with HIPAA and the HITECH Act. Use of TrueContext contributes to HIPAA compliance, but does not guarantee it.
Can TrueContext’s employees simply view the data in our TrueContext account?
No. TrueContext employees are prohibited—through defined organizational policies and access control systems—from viewing the data you import. Employees can access your data only after you provide explicit permission through the TrueContext portal.
Does TrueContext screen employees prior to hiring?
Yes. All prospective TrueContext employees must submit to a detailed background check. The background check includes criminal, education, and past employment verification.
Do TrueContext employees adhere to secure coding guidelines?
Yes. All TrueContext developers are trained on secure coding practices (i.e. OWASP) annually. All code is double-checked using a comprehensive code review process, which enforces secure coding standards before going live.
Does TrueContext sign data processing agreements?
Yes. TrueContext has signed data processing agreements and works with customers to put a mutually agreed data processing agreement in place.
Does TrueContext have 24/7 security incident management capabilities?
Yes. We employ a 24/7 service operations and engineering team that monitors and resolves incidents as they occur. We use industry leading application performance monitoring and log analysis systems.
Does TrueContext have a disaster recovery strategy?
Yes. Our disaster recovery strategy has guidelines for competitive recovery point objective (RPO) and recovery time objective (RTO). We offer an RPO of 24 hours, which reflects the current handling of database snapshots. We offer an RTO of six hours, which is reflective of the time required to launch services and restore data to the recovery environment. We test the reliability of our disaster recovery strategy every quarter.
What steps has TrueContext taken to proactively mitigate Distributed Denial of Service (DDoS) attacks and other malicious attacks?
TrueContext uses Amazon Web Services’ Web Application Firewall (WAF) and Shield to minimize the effects of a DDoS attack. Both WAF and Shield allow us to permit or limit traffic through the use of custom security rules. We can also define additional WAF rules to pre-emptively block a wide range of malicious attacks.
Does TrueContext offer any specific technology for customers who provide regulated services, such as those in the medical field?
Yes. TrueContext offers many special capabilities—including, but not limited to: Data Pass-Through, Enterprise Mobility Management and Mobile Device Management, End-to-End Data Encryption, Single Sign On, User Policy Management, Authentication Management