Compliance
Helping our customers complete their compliance screenings and due diligence.
We continuously look for opportunities to improve in the dynamic technology landscape, to give you a highly secure, scalable system that delivers a great experience.
Customer data security is an essential part of our product, processes, and team culture. Our facilities, processes, and systems are reliable, robust, and tested by reputable quality control and data security organizations and by internal and external auditors.
Tekion adheres to the Gramm-Leach-Bliley Act (GLBA), the California Privacy Rights Act (CPRA), the General Data Protection Regulation (GDPR), and other privacy and security laws.
GLBA
Complying with the GLBA puts financial institutions at lower risk of penalties or reputational damage caused by unauthorized sharing or loss of private customer data.
Data Processing Addendum
This addendum addresses our data obligations to you, including under CPRA, GDPR, and GLBA.
Certifications, Attestations, Standards, and Regulations
SOC 1
Type II report covering internal controls over financial reporting systems
SOC 2
Type II report covering Security, Availability, and Confidentiality
Frequently Asked Questions
Does Tekion adhere to information security standards and policies?
Yes. Tekion has achieved AICPA SOC 1 and SOC 2 Type II attestations. Additionally, we have formal policies and procedures addressing how we develop, implement, maintain, and improve our robust information security program. These policies govern, among other things, how our employees and contractors access, store, and secure customer data. The policies follow a similar format, have dedicated owners and committed review periods, and cover a variety of topics ranging from securing our employees’ assets to responding to security incidents.
Does Tekion perform risk assessments?
Yes. At Tekion, we have developed a Risk Management Framework as part of the Information Security Management System (ISMS) in accordance with the ISO/IEC 27001:2013 standard and our SOC 1 and SOC 2 attestations. The information security team assesses security risks annually and on an ongoing basis when major changes occur or when industry changes occur.
Do you limit access to data and your systems?
Yes. Access to customer data and Tekion systems is limited on a need-to-know basis. Our information systems and data are classified and segregated to support role-based access requirements. Additionally, we utilize strong identification, authentication, and logging systems to centrally control, monitor, and review all critical access.
Is customer data on Tekion’s products encrypted?
Yes. We use high standards of encryption to secure our customer data at rest and in transit. As an entirely cloud-based platform, our customers’ data is further secured by the state-of-the-art measures used by our cloud providers, Amazon Web Services and Microsoft Azure.
Do you have a formal disaster recovery and business continuity plan?
Yes, Tekion has a detailed disaster recovery and business continuity plan to ensure that we recover operations quickly and efficiently in case of a disaster. This includes deploying our platform across multiple data centers with replication and implementing strict recovery deadlines to ensure our systems are running again as soon as possible.
Do you monitor third-party vendors to ensure they comply with your security standards?
Yes, we have a supplier relationships procedure that ensures that third-party service providers implement required controls under security frameworks like ISO 27001, SOC 1, SOC 2, and PCI DSS.
Are all Tekion employees and contractors required to sign a non-disclosure agreement?
Yes, all new Tekion hires and contractors sign confidentiality agreements preventing misuse and unauthorized disclosure of customer data. Our employees and contractors have the same confidentiality obligations as we do to our customers.
Does Tekion have a formal incident response plan?
Yes, our incident response plan sets forth internal guidelines for detecting incidents, escalating to security personnel, communication, investigation, mitigation, and root cause analysis. You can find the details in our Data Processing Addendum.
Does Tekion screen its employees?
Yes, we work with third-party agencies to screen all of our employees prior to joining Tekion. Where permitted by law, we conduct credit and criminal checks as well.
Does Tekion use a Software Development Life Cycle (SDLC) process to develop its customer products?
Yes. We have implemented a systems development life cycle (SDLC) procedure to develop our products and services. Our code is reviewed and analyzed using automated technology and manual source code review to identify any security loopholes prior to production and release. We also conduct regular vulnerability and penetration testing, and correct any identified observations. Once a product has passed our security and quality checks, the new version of the product is released to our customers.