The Trust Surface Framework (TSF) is a governance model for understanding, measuring, and managing digital trust.
Modern organisations rely on digital systems to communicate, deliver services, and interact with stakeholders. These systems emit observable signals that influence how trustworthy an organisation appears online.
The Trust Surface Framework introduces a structured way to identify these signals and integrate them into governance and risk management practices.
This repository contains the initial draft of the framework and is published to encourage discussion and consultation.
Stakeholders increasingly evaluate organisations through their digital presence.
Examples include:
- whether email communications appear authentic
- whether websites and services behave reliably
- whether domain names and infrastructure appear legitimate
- whether third-party platforms are responsibly governed
Failures in these areas can quickly erode confidence, even when internal systems remain secure.
Many existing technology and cybersecurity frameworks focus on internal controls and compliance.
The Trust Surface Framework focuses on observable signals that influence trust perception.
The framework introduces three key concepts.
Trust Surface: the collection of digital systems through which stakeholders interact with an organisation’s digital presence.
Examples include domains, email systems, digital services, infrastructure platforms, and vendor integrations.
Trust Signals: observable indicators that demonstrate the trust posture of digital systems.
Examples include:
- email authentication policies
- DNS integrity
- encryption configuration
- service reliability indicators
- vendor security attestations
These signals provide measurable evidence of digital trust.
Trust Surface Lifecycle: a structured process for managing digital trust posture.
Discover → Assess → Harden → Govern → Signal
This lifecycle enables organisations to identify trust signals, strengthen weak areas, and integrate trust considerations into governance.
The framework defines six primary domains that shape an organisation’s Trust Surface.
- Identity
- Domains & DNS
- Email Integrity
- Digital Services
- Infrastructure & Platforms
- Third-Party Ecosystem
Each domain emits trust signals that influence stakeholder confidence.
The framework currently consists of the following documents.
- Digital Trust Problem
- Trust Principles
- Trust Surface Definition
- Trust Surface Map
- Trust Signal Catalogue
- Trust Surface Lifecycle
These documents collectively describe:
- why digital trust matters
- where trust is experienced
- how trust signals can be measured
- how organisations can govern digital trust
The Trust Surface Framework is designed for:
- boards and executive leadership
- governance and risk professionals
- technology leaders
- cybersecurity practitioners
- organisations seeking clearer ways to discuss digital trust
It provides a shared language for discussing how digital systems influence trust.
This repository contains Trust Surface Framework v0.1, an early draft published for consultation and discussion.
The framework is expected to evolve through feedback and real-world application.
Digital trust is a complex and evolving topic.
Constructive feedback from practitioners, governance leaders, and researchers is welcome.
Suggestions, discussion, and critique are encouraged as the framework develops.
This framework is published for open discussion and consultation.
Licensing terms will be defined in a future version of the framework.
Future iterations of the framework may include:
- expanded Trust Signal catalogues
- implementation guidance for organisations
- governance integration models
- case studies demonstrating Trust Surface assessments
This repository exists to support transparent development of the Trust Surface Framework and to provide a shared reference for discussions about digital trust governance.