Yes. Tekion has achieved AICPA SOC 1 and SOC 2 – Type II attestations. Additionally, we have formal policies and procedures addressing how we develop, implement, maintain, and improve our robust information security program. These policies govern, among other thing’s, how our employees and contractors access, store, and secure customer data. The policies follow a similar format, have dedicated owners, and committed review periods, and cover a variety of topics ranging from securing our employees’ assets to responding to security incidents.

Yes. At Tekion we have developed a Risk Management Framework as part of the Information Security Management System (ISMS) in accordance with ISO/IEC 27001:2013 standard and SOC I & II attestation. The information security team assesses security risks annually and on an ongoing basis when major changes occur or when industry changes occur.

Yes. Access to customer data and Tekion systems are limited on a need-to-know basis. Our information systems and data are classified and segregated to support role-based access requirements. Additionally, we utilize strong identification and authentication and logging systems to centrally control, monitor, and review all critical access.

Yes. We use high standards of encryption to secure our customer data at rest and in transit. And as an entirely cloud-based platform, our customers’ data is further secured by the state-of-the-art measures used by our cloud providers, Amazon Web Service and Microsoft Azure.

Yes, Tekion has a detailed disaster recovery and business continuity plan to ensure that we recover operations quickly and efficiently in case of a disaster. This includes deploying our platform across multiple data centers with replication and implementing strict recovery deadlines to ensure our systems are running again as soon as possible.

Yes, we have a supplier relationships procedure that ensures that third-party service providers implement required controls under security frameworks like ISO 27001, SOC 1, SOC 2, and PCI DSS.

Yes, all new Tekion hires and contractors sign confidentiality agreements preventing misuse and unauthorized disclosure of customer data. Our employees and contractors have the same confidentiality obligations as we do to our customers.

Yes, our incident response plan sets forth internal guidelines for detecting incidents, escalating to security personnel, communication, investigation, mitigation, and root cause analysis. You can find the details in our Data Processing Addendum.

Yes, we work with third-party agencies to screen all of our employees prior to joining Tekion. Where permitted by law, we conduct credit and criminal checks as well.

Yes. We have implemented a systems development life cycle (SDLC) procedure to develop our products and services. Our code reviews and analysis are reviewed by automated technology and manual source code overview to identify any security loopholes prior to the production and release. We also conduct regular vulnerability and penetration testing, and correct any identified observations. Once a product has passed our security and quality checks, the new version of the product will be released to our customers.