trustsurface.org
Framework v1.0 • Glossary v1.0 • Last updated 2026-03-06
TrustSurface is a neutral, evidence-led framework for identifying, measuring, and governing the observable trust signals an organisation emits at its digital edge.
It exists because organisations can be internally well-controlled and still appear untrustworthy through weak signals: spoofable email, brittle DNS, inconsistent identity boundaries, unreliable services, and unmanaged third-party integrations.
What this framework is
TrustSurface is a lens, not a control framework. It complements ISO 27001, NIST CSF, COBIT, ASD Essential Eight, ISM, and PSPF by making externally observable trust posture discussable and evidence-based.
How it works
Overview → what the framework is
Model → trust surface, signals, posture, and gap
Components → the six Trust Surface domains
Governance → Discover → Assess → Harden → Govern → Signal
Quick navigation
Framework overview
Overview: What the framework is and how to use it.
Core model
Model: Trust Surface, Trust Signals, Trust Posture, Trust Signal Gap.
Components
Domains: Identity boundary, domains & DNS, email integrity, digital services, infrastructure & platforms, third-party ecosystem.
Governance
Lifecycle: Discover → Assess → Harden → Govern → Signal.
Glossary
Vocabulary: Stable definitions for the framework vocabulary.
Examples
Patterns: Worked example and board questions.