Read-Only and Auditor Accounts
Trustero now supports two new roles for user accounts: read-only and auditor.
Read-only accounts are for users who should be able to see the contents of your Trustero account, but not edit anything. This is great for stakeholders who need visibility, but aren’t hands-on practitioners.
Auditor accounts are for use by third-party auditors you invite into your account to conduct an audit. Auditor accounts are “read-mostly”: auditors can make only these changes:
- Create and edit document requests
- Change control status
Everything else will be read-only to them.
In addition, auditors have some things they can’t see at all:
- They only have access to the specific audit they’ve been invited into, rather than all audits and continuous compliance mode like other users.
- They can’t see the Compliance Roadmap
- They can’t see anything on the Analyze menu:
  - Audit scans
  - Questionnaires
  - SOC 2 report scans
- They can’t see audit scan control check results anywhere: not on the control page, not on the Compliance Roadmap, not in the controls-with-control-checks CSV download, or anywhere else.
Adding a new user and picking the role
To add users with either a read-only or auditor role, a Trustero account administrator follows these steps:
- Navigate to the Settings -> Users page
- Select Invite New User
- Select the role
- Enter the new user’s email address
In addition, Trustero account administrators can edit existing users’ permissions:
- Navigate to the Settings -> Users page
- Select a new role from the dropdown menu for the user you want to change