A framework for making digital trust visible, assessable, and governable.
TrustSurface is a framework for understanding how digital systems shape stakeholder trust.
It helps organisations:
- identify the systems through which digital trust is experienced
- assess the observable trust signals those systems emit
- understand digital trust posture through evidence rather than assurance language alone
- govern trust posture through ownership, lifecycle, and transparency
TrustSurface focuses on the digital edge: the domains, services, dependencies, and signals through which trust is actually experienced.
It complements cybersecurity, risk, architecture, service, and vendor governance disciplines. It does not replace them.
Framework version: v1.1 public draft
Publication status: Public draft
Primary entry point: TSF-OVR-1 - Framework Overview
The current normative framework set is:
- TSF-DEF-1 - Trust Surface Definition
- TSF-MOD-1 - Trust Surface Model & Domains
- TSF-LIF-1 - Trust Surface Lifecycle
- TSF-GOV-1 - Governance Integration Model
- TSF-GLO-1 - Glossary
- TSF-SPEC-1 - One-page Specification
Informative, Guidance, and Operational artefacts support this set but do not override it.
TrustSurface models digital trust through a connected chain:
Trust Surface domains → Trust Signals → Trust Signal Scorecard → Digital Trust Posture → Trust Surface Lifecycle → Governance Integration → Trust signalling and continuous improvement
The six-domain baseline is:
- Identity
- Domains & DNS
- Email Integrity
- Digital Services
- Infrastructure & Platforms
- Third-Party Ecosystem
trust-surface-framework/
├── README.md
├── docs/
│   ├── 01-start-here/            Framework overview, one-page specification
│   ├── 02-core-framework/        Normative and core informative artefacts
│   ├── 03-application/           Assessment method, examples, adoption guidance
│   ├── 04-publication-control/   Document register, versioning, citation, licence
│   └── 05-narrative/             Origin and context
└── artefacts/
    └── diagrams/                 Controlled SVG diagrams (TSF-01 through TSF-08)
- TSF-OVR-1 - Framework Overview
- TSF-PRI-1 - Trust Principles
- TSF-DEF-1 - Trust Surface Definition
- TSF-MOD-1 - Trust Surface Model & Domains
- TSF-SIG-1 - Trust Signal Catalogue
- TSF-LIF-1 - Trust Surface Lifecycle
- TSF-GOV-1 - Governance Integration Model
- TSF-MTH-1 - Assessment Method
- TSF-MAT-1 - Digital Trust Maturity Model
- TSF-EXM-1 - Worked Example - Email Integrity
- TSF-ADP-1 - Adoption Guidance
- TSF-BRD-1 - Board Questions
- TSF-CMP-1 - Comparative Positioning & Reference Mappings
- TSF-REG-1 - Document Register
- TSF-VPOL-1 - Versioning & Normative Boundary Policy
- TSF-ART-1 - Diagram Library & Artefact Register
- TSF-CIT-1 - Citation Guidance
- TSF-CHG-1 - Public Changelog & Release Notes
- TSF-CNS-1 - Consultation & Contribution Guidance
TrustSurface is not:
- a replacement for cybersecurity frameworks
- a full attack surface management model
- a purely brand or communications-based trust method
- a product-specific implementation standard
- a claim that digital trust can be reduced to one single number without interpretation
It is a framework for making digital trust visible, assessable, and governable over time.
TrustSurface Framework content is licensed under Creative Commons Attribution 4.0 International (CC BY 4.0).
Chetcuti, Bryan. (2026). TrustSurface Framework (v1.1 public draft). trustsurface.org.
See TSF-CIT-1 for full citation and attribution guidance.
Feedback and contributions are welcome. See TSF-CNS-1 - Consultation & Contribution Guidance.