Data Security Policies and Procedures | Talla

Data Security at Talla

Data security is more than a box to be checked at Talla.
It is at the core of everything we do.

Compliance

SOC 2

Service Organization Controls (SOC 2) (Type II)

Trust Services Principles

Privacy Shield

EU-US Privacy Shield

EU/Swiss Privacy Shield

Data Security and Privacy Features

Product Security

Teams and Slack Users

Talla allows Microsoft Teams and Slack users to be authenticated via their chat platforms. Both platforms support 2FA. Talla encourages organizations using this form of authentication to enable 2FA.

Single Sign-on (SSO)

Talla allows users to authenticate using their own systems, without requiring additional login credentials. Talla supports both OAuth and SAML.

Groups, Permissions & Roles

Talla provides the ability to segment users into groups and to restrict access to data based on the groups a user is a member of. Users are also assigned roles within a group, which further restrict the activities a user is allowed to perform. This Talla help document provides additional information on best practices when deploying Groups, Permissions, and Roles.

Data Protection

Data at Rest

Talla uses AES-256 to encrypt data at rest and AWS for key management.

Backup and Recovery

Talla maintains daily backups and versioning of users' data on an internal system. Therefore, the worst-case Recovery Point Objective (RPO) is 24 hours.

Virtual Server Access

Talla servers all reside within our own virtual private cloud (VPC) with access control lists (ACLs) that prevent unauthorized requests to the Talla internal network.

Physical Security

The Talla Service is hosted in Amazon Web Services (AWS) facilities (US). AWS provides robust physical data center security and environmental controls. For more information about the AWS controls, see:

AWS Compliance

AWS Cloud Security

Google Cloud Security

Additional Security Information

Training

All employees complete Security and Awareness training annually.

Policies

Talla developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.

Employee Vetting

Talla performs background checks on all new employees in accordance with local laws. The background check includes employment verification and criminal checks for US employees.

Confidentiality

All employee contracts include a confidentiality agreement.

PCI Obligations

Talla uses Stripe for all payment processing and does not maintain any customer payment information in the service.

Training and Awareness

All Talla employees and contractors are required to attend security training as part of the onboarding process and refresher training at least once per year.

Developer Security Training

All developers are required to take additional training for application-specific security requirements. This is also done during onboarding and at least annually thereafter.


Security Questions?

If you think you may have found a security vulnerability, please get in touch with our security team at security@talla.com.

Learn more about Talla by reading our Terms of Use and Privacy Policy.