Compliance & Governance

Internal processes, compliance obligations, and governance frameworks that keep Trove operating reliably and responsibly.

General

• SOPs - Standard operating procedures for key workflows
• Compliance Overview - Regulatory requirements and compliance obligations
• Acceptable Use Policy - What staff can and cannot do with company systems and data
• Change Management SOP - How changes to systems and processes are managed

Compliance & Risk

• Global Data Flow Map & Register - How personal data flows across systems and borders
• DPIA / PIA Template - Template for conducting Data Protection Impact Assessments
• Privacy Impact Assessment Register - Record of completed PIAs
• Breach Response Plan - Steps to take in the event of a data breach
• Incident Response Plan - How security incidents are identified, managed, and resolved
• Data Subject Rights Procedure - How requests from individuals are handled
• Records of Processing Activities (ROPA) - Global register of data processing activities
• Retention & Deletion Policy - Rules for retaining and deleting data
• Third-Party Risk Assessment Template - Framework for assessing risk from vendors and third parties

Governance

• Shared Responsibility Matrix - Responsibilities shared between Trove and its tenants
• Sub-Processor Due Diligence Records - Due diligence conducted on sub-processors
• Annual Compliance Audit Plan - Schedule and scope for annual compliance audits
• Training & Awareness Log - Record of staff compliance and security training