We're excited to announce that we'll be joining the One Trust family! Together we'll help companies get certified, build trust, and win deals. Find out more about it here on the Helm or check out our official press release. Feel free to leave a comment or question regarding the big news.

Ask An Expert Office Hours (March 4, 2021)

Our next Ask an Expert Office Hours will be on March 4 for an hour at 10am PST.

Todd Chapman from our Customer Success Team will be answering your questions about how to use features of Tugboat's product, how to prepare for your audit, or general inquires about frameworks.

If you are interested in attending, please register here!

If you miss this session, we will be holding Office Hours biweekly on Thursdays. You are also welcome to ask any questions here in the Helm and we'll get to them as soon as we can.

Please note that we will not take product requests or feedback during these sessions, If you have inquiries about our roadmap or future implementations, you are welcome to ask your questions here in the Helm so we can have our Product Team review them. All questions will be moderated during the session.

If you have product feedback, feel free to share it in this category.

We look forward to seeing you there!


  • Concerning Control IC12.2, Segregation of Environment: What guidance do you have for a vendor whose SDLC is Agile for both development and test? In short, our Agile methodology: 1) does not readily “provide evidence to demonstrate test were done in separate development and test environments”, and 2) since development builds are created nightly, and QA tested at one of three locations, the number of changes during the audit period renders the requirement to list all changes completed untenable. Please discuss. If examples of evidence or templates are available for this control, please advise.

  • Thank you for reaching out and for your patience as we looked into this for you. We've done our best to summarize as follows:

    1. It is important to document the process in detail and explain how different environments are created, who creates them, what triggers the QA and testing process, etc. Also, if you are using a ticketing system, or some type of code repository, you'll likely be able to show that the change was tested before it was moved to production. Ultimately, you'll be asked to provide evidence that demonstrates changes are tested before being moved to production.
    2. For obtaining the population of changes, we suggest to pull them from your ticketing system or code repository. We have auto-collect integrations that you may find helpful to meet this requirement. More info is available here - https://community.tugboatlogic.com/categories/integrations

    Have a great day!