Third-party risk management, simplified

Real-time trust and risk signals from vendors across the platform. Stay ahead of changes that matter.

Search through security and compliance signals across all vendors

MuleSoft

Risk Score: Low
Risk Signal

Third Party Integration Vulnerabilities

The integration platform's core functionality connects customer systems to numerous third-party APIs, applications, and services. Each integration introduces potential security risks through supply chain vulnerabilities, API misconfigurations, credential exposure, and third-party service compromises. Requires continuous monitoring, security vetting, and governance of integration endpoints.

MuleSoft

Risk Score: Low
Risk Signal

Data Training Privacy Risks

AI features powered by OpenAI and Microsoft Azure OpenAI process customer data for generative AI services including content generation and analysis. Risk of sensitive data being transmitted to external AI providers with potential retention in training datasets or exposure through model outputs. Requires data sanitization, user consent management, and careful evaluation of AI data handling policies.

MuleSoft

Risk Score: Low
Trust Signal

ISO/IEC 42001:2023

ISO/IEC 42001:2023 certification for AI management systems covering Salesforce AI Platform, Agentforce, and AI features (October 1, 2025). Validates comprehensive AI governance, risk management, ethical AI practices, and system reliability with annual surveillance audits for responsible AI deployment.

Drift

Risk Score: High
Risk Signal

Third Party Integration Vulnerabilities

In August 2025, a critical security breach occurred in which a financially motivated threat group exploited Drift platform integrations to access connected systems, potentially compromising over 700 organizations including Cloudflare, Zscaler, and Palo Alto Networks. Attackers compromised OAuth tokens through the Salesforce integration. Salesloft recommended that all Drift customers revoke and rotate existing API keys, and engaged cybersecurity firms for forensic investigation.

MuleSoft

Risk Score: Low
Trust Signal

ISO/IEC 27001:2022

ISO/IEC 27001:2022 certified information security management system validated by third-party auditors (certificate dated July 23, 2025). Comprehensive ISMS covering 114 security controls across organizational security, human resources, operations, and access management domains with annual surveillance audits.

Splunk

Risk Score: Low
Trust Signal

SOC 2 Type II

Splunk Cloud Platform maintains SOC 2 Type II certification with independent third-party audits validating security, availability, and confidentiality controls. Annual report covers access controls, system monitoring, data protection, and incident response procedures across all Splunk cloud services including Splunk Cloud, Observability Cloud, and SOAR platforms.

MuleSoft

Risk Score: Low
Trust Signal

SOC 2 Type II

SOC 2 Type II attestation report (June 12, 2025) validating security, availability, processing integrity, confidentiality, and privacy controls over 12-month audit period. Independent evaluation of information security control environment for MuleSoft Cloud Offerings by certified public accountants.

Drift

Risk Score: High
Trust Signal

ISO/IEC 27001:2022

Third-party audited ISO/IEC 27001:2022 certification by Schellman validating comprehensive information security management system with annual surveillance audits. Certificate published June 2025 covering Salesloft+Drift platforms with Statement of Applicability detailing 114 security controls.

Drift

Risk Score: High
Trust Signal

ISO/IEC 27701:2019

ISO/IEC 27701:2019 Privacy Information Management System certification demonstrating compliance with privacy management requirements. Third-party audited by Schellman with Statement of Applicability published June 2025 covering personal data processing controls.

Drift

Risk Score: High
Trust Signal

SOC 2 Type II

Annual SOC 2 Type 2 attestation report validating security, availability, and confidentiality controls through independent assessment. The 2024 report was published June 2025, with a bridge letter extending coverage through July 2025 until the new 2025 report is available.