Cybersecurity

Lorem ipsum dolor sit amet, consectetur adipiscing elit

Frequently Asked Questions

What Information Security standards does Trellix use for its Information Security Program?

Trellix is aligned with the ISO/IEC international standard to manage information security and is ISO27001, ISO 27017 & ISO 27018 certified. This certificate can be viewed and downloadable within the Trellix Trust Center site.

Frequently Asked Questions

What Information Security standards does Trellix use for its Information Security Program?

Trellix is aligned with the ISO/IEC international standard to manage information security and is ISO27001, ISO 27017 & ISO 27018 certified. This certificate can be viewed and downloadable within the Trellix Trust Center site.

Are Trellix products SOC 2 Type 2 certified?

Selectively, by product. Trellix has completed a number of SOC 2 Type 2 audits and reports are available on the Trellix Trust Center site.

How does Trellix use cryptography to protect its data?

Trellix utilizes a minimum of AES-256-bit encryption for information that is deemed to be highly sensitive data for data at rest. A minimum of TLS v1.2 is utilized for data in transit.

Where are Trellix data centres located?

The location of data centres is not public information. Our cloud providers include Amazon Web Services, Microsoft Azure, Google Cloud Platform and Oracle Cloud Infrastructure.

Do you perform security penetration testing on your systems?

Yes, Trellix regularly performs Penetration Testing on our own systems, to strengthen and protect our systems. Trellix also engages with accredited third-party vendors to perform Penetration Testing on our systems.

Does Trellix conduct vulnerability scans?

Yes, Trellix conducts quarterly vulnerability scans on individual products to self-evaluate security control states.

Does Trellix have a Chief Information Security Officer?

Trellix has a dedicated Information Security team, including a Governance, Risk & Compliance team with CISO leadership.

Does Trellix have Information Security policies and standards in place?

Security policies are developed based on security standards such as ISO 27001. The security policies are reviewed at least annually by the Information Security team and approved by the Chief Information Security Officer (CISO). These policies include, but are not limited to, information handling, system management, incident response, access control, employee accountability and data retention.

Does Trellix have Business Continuity/Disaster Recovery plans in place?

Trellix has a Business Continuity Plan in place. There is a designated team in place to handle all BC and DR responsibilities.

Has Trellix suffered a security breach in the last 5 years?

Since Trellix's inception of July 27th, 2021, there have been no reportable security incidents nor breaches.

How does Trellix notify its customers of security incidents and product updates?

The Trellix Support Notification Service (SNS) is the primary means by which outages, issues and resolutions are communicated to subscribed customers. In addition to providing regular product updates and advisories, during an incident, customers will receive email notification at the address provided upon subscription.