ISO 27001 isn’t the world’s most exhilarating topic. But that’s not why you’re here. Chances are, your company’s thinking about getting certified and you’ll be a key stakeholder for the project. Naturally, you want to know what ISO 27001 is all about. Register now for the July 21 Webinar.

The next Ask an Expert Session Is coming up! Every second Thursday at 10am PST, we host Office Hours with a member of our Customer Success Team to answer your Audit and Product questions. We will not be taking product feedback or requests in these sessions. Register now for our July 22 session!

- Note: due to scheduling conflict, our session was moved from July 15 to July 22. Thank you!

Ask An Expert Office Hours (February 18, 2021)

edited February 11 in Ask an Expert

Join us for our first Ask an Expert Office Hours on February 18 for an hour at 10am PST.

This week we will have Todd Chapman from our Customer Success Team answering your questions. These can be questions about how to use features of Tugboat's product, how to prepare for your audit, or general inquires about frameworks.

If you are interested in attending, please register here!

If you miss this session, we will be holding Office Hours biweekly on Thursdays. You are also welcome to ask any questions here in the Helm and we'll get to them as soon as we can.

Please note that we will not take product requests or feedback during these sessions, If you have inquiries about our roadmap or future implementations, you are welcome to ask your questions here in the Helm so we can have our Product Team review them. All questions will be moderated during the session.

If you have product feedback, feel free to share it in this category.

We look forward to seeing you there!


  • Security / Confidentiality disclaimers in email footers: it’s not unusual to see these when corresponding with health care providers.  We anticipated that we would find this requirement in a SOC2 policy however we have not come across this requirement.  Are we missing it or is this not related to SOC2? Example: “IMPORTANT: The contents of this email and any attachments are confidential. They are intended for the named recipient(s) only. If you have received this email by mistake, please notify the sender immediately and do not disclose the contents to anyone or make copies thereof”

  • Hey @michael_obrien! I got an answer from our CS Team:

    We have a control in the SOC2 framework that is specific to the confidentiality trust category, 

    DS1 - Information Labelling/Classification: The organization has formalized data classification policies and procedures to identify confidential information in the system and to define instructions for handling and labelling confidential information.

    Evidence to satisfy this control can be documents that include footers/watermarks/redacted information. This would be what those footers fall under.

    Please let me know if this helps!

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!