Views:

Which compliance certifications does TrendAI Vision One hold?

TrendAI Vision One is verified for ISO 27001, ISO 27017, and SOC2/3 to meet global security and privacy standards.

TrendAI Vision One is currently verified as compliant with ISO 27001, ISO 27017 & SOC2/3. A complete list of Certificates can be found on Trend Micro's Product Security & Certifications page.

How is data protected during transmission and storage?

All information processed by TrendAI Vision One is encrypted both in transit and at rest within the customer's selected geographic region.

Information processed by TrendAI Vision One is encrypted both in transit and at rest and sent to the TrendAI Vision One node in the region the customer selects during initial setup.

Data at rest is protected by native cloud technologies specific to the cloud environment on which it resides. Customer data is tagged with a “Customer ID” during ingestion as part of the data schema. Trend Micro’s application’s internal data access layer requires this “Customer ID” parameter to access the data. This measure protects customer data from being accessed by any other party, as queries may only access one “Customer ID” at a time. Customers do not provide the “Customer ID” directly when interacting with the service; it is handled by the application itself. This ensures there is no way for a malicious actor to pass the wrong customer ID to access another data set.

TrendAI Vision One uses TLS 1.2 wherever possible for data transmission. (Supported Ciphers include: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, and others protecting the integrity of your data flow).

How frequently is the platform’s security assessed?

TrendAI Vision One undergoes continuous security testing through automated tools and independent third-party manual assessments.

The TrendAI Vision One platform undergoes regular security assessments, both automated and manual, including external 3rd-party assessments to identify and mitigate potential vulnerabilities.

What are the data retention policies?

Data is typically retained for 30 to 180 days, depending on the data type and the status of the customer license.

TrendAI Vision One applies retention policies that purge data once it is no longer needed for the purpose for which it was collected:

  1. Raw Information: Retained for 30 days by default (up to 365 days with extended storage).
  2. Alert Workbenches: Retained for 180 days for investigation and reporting purposes.
  3. License Expiration: All data is deleted 30 days after the license expiration grace period ends.

What security settings can customers configure?

Customers maintain control over their data residency and user permissions through granular configuration options.

To configure your security environment, you can follow these steps:

  1. Select a preferred TrendAI Vision One region during setup for data storage and processing.
  2. Assign Role-Based Access Control (RBAC) to limit user functions.
  3. Enable or disable Support Access for Trend Micro technicians.
  4. Set specific permissions for response actions or file collection.

Who at Trend Micro can access my data?

Access is strictly limited to authorized Site Reliability Engineers and research teams for the purpose of maintaining security protections.

Access to information in TrendAI Vision One is restricted to Trend Micro’s Site Reliability Engineers (SREs), threat research and analytics teams, and—when enabled in the console—customer support teams. Access is allowed for the purposes of troubleshooting, solving issues, and improving the effectiveness of security protections. All access is recorded and audited. Access privileges are managed and approved by the product leadership team. Information in TrendAI Vision One may be accessed/viewed by the above Trend Micro teams from physical locations outside of the customer's deployed region.

How long are audit logs stored?

Audit logs for all user actions are generated automatically and stored for a period of 180 days.

Audit Logs are generated and stored for all access and actions taken by users to TrendAI Vision One systems. TrendAI Vision One retains the audit logs for 180 days. Customers can view customer access logs in their console and can export them if needed for compliance or internal review.

Where can I find TrendAI Vision One data flow diagrams?

Visual representations of data movement between sensors and the TrendAI Vision One platform are provided below.

  • Stand Alone TrendAI Vision One Endpoint Sensor

    Stand Alone Vision One Endpoint Sensor

  • Apex One SaaS + Integrated Endpoint Sensor

    Apex One SaaS + integrated Endpoint Sensor

Where can I find more details on data processing?

Additional resources regarding sub-processors and data collection are available through our legal and support knowledge base.

Keywords: how does trendai vision one protect data, is trend vision one soc2 compliant, where is trendai vision one data stored, trendai vision one data retention policy, how to manage trend vision one user roles, trend micro cloud security compliance certifications, trend vision one data encryption standards