Trust Center

We are proud to announce that Red Cup IT has officially achieved ISO/IEC 42001:2023 certification, the global standard for Artificial Intelligence Management Systems (AIMS).

This milestone positions Red Cup IT as one of the very first MSP/MSSPs globally to validate our AI operations against this rigorous international standard. While many in our industry are beginning to explore AI, we have moved fast to secure it.

Why this matters: This certification complements our existing security frameworks (such as ISO 27001 / SOC 2) by specifically addressing the unique attack surfaces, ethical governance, and data integrity challenges posed by Artificial Intelligence. It validates that we have implemented a comprehensive system to manage AI risks, ensuring that our innovation never comes at the cost of security.

What this means for our stakeholders:

A Partner Ahead of the Curve: You are partnering with an MSP/MSSP that doesn't just use modern technology, but adheres to the strictest standards governing it.

Verified Controls: Our AI workflows, vendor selection, and internal tools are subject to continuous risk assessment and independent audit.

Future-Proof Compliance: As regulations around AI tighten globally, Red Cup IT is already aligned with the premier benchmark for responsible AI usage.

Accessing the Artifacts: The official ISO 42001 certificate and our updated compliance details are now available for review. Please navigate to the Documents section of this Trust Center to view or download these artifacts.

We are aware of a recent supply chain attack campaign in which a malicious actor leveraged compromised OAuth tokens from the Salesloft Drift integration to access Salesforce customer data and, in a limited number of cases, Google Workspace email accounts.

• Between August 8 and August 18, 2025, attackers gained unauthorized access using stolen OAuth tokens from the Drift AI integration linked to Salesloft and Salesforce.
• Google confirmed that, on August 9, attackers accessed email from a very small number of Google Workspace accounts that had been specifically integrated with Drift Email.
• Only organizations that specifically integrated their Google Workspace or Salesforce environments with Drift (via Salesloft) are at risk.
• There is no indication that unrelated Google Workspace or Salesforce accounts (not using Drift/Drift Email) were impacted.

Immediate Action Items

• Revoke all OAuth tokens and credentials associated with Drift or Salesloft integrations immediately.
• Rotate all secrets, API keys, and reset any credentials exposed to Drift.
• Review all third-party integrations connected to Drift or Salesloft. Investigate any signs of unauthorized access or suspicious activity since August 8, 2025.
• Monitor your users and domains for unusual login attempts, especially those with Drift integrations.

What we did;

• We have completed all recommended vendor and platform response actions following the recent supply chain data theft campaign targeting Salesforce instances via the Salesloft Drift integration.
• All OAuth tokens and credentials associated with Drift or Salesloft integrations have been revoked and reset.
• Vulnerable integrations have been disconnected and reviewed for suspicious activity.

Ongoing monitoring is in place, and no further activity by the actor has been detected.
No core systems or unrelated data were affected. If new information becomes available, we will provide timely updates.
If you have specific concerns about your Salesforce integration or need additional support, please get in touch with our security team.

Recently, the security team here at Red Cup IT became aware of the news surrounding a high-impact MOVEit vulnerability. Reputable threat intelligence sources have reported that this incident impacts customers of this solution: https://www.securityweek.com/moveit-customers-urged-to-patch-third-critical-vulnerability/.

We want our customers to know that this vulnerability does not impact Red Cup IT.

We do not leverage this technology/software within our product, and therefore the confidentiality, integrity, and availability of our systems remain unharmed.

Thanks, and please reach out with any questions.
Team Red Cup IT

Red Cup IT does not use CircleCI for continuous integration and continuous delivery.

Red Cup IT does not use Microsoft Exchange Server (Cloud or On-Premise)