Compliance
Helping our customers complete their compliance screenings and due diligence.
We continuously look for opportunities to improve the dynamic technology landscape to give you a highly secure, scalable system that delivers a great experience.
Customer data security is an essential part of our product, processes, and team culture. Our facilities, processes, and systems are reliable, robust, and tested by reputable quality-control and data-security organizations as well as by internal and external auditors.
Tekion adheres to the Gramm-Leach-Bliley Act (GLBA), the California Privacy Rights Act (CPRA), the General Data Protection Regulation (GDPR), and other privacy and security laws.
GLBA
Complying with the GLBA puts financial institutions at lower risk of penalties or reputational damage caused by unauthorized sharing or loss of private customer data.
Data Processing Addendum
This addendum addresses our data obligations to you, including under CPRA, GDPR, and GLBA.
Certifications, Attestations, Standards, and Regulations
SOC1
Type II report covering internal controls over financial reporting systems
SOC2
Type II report covering Security, Availability and Confidentiality
ISO/IEC 27001
Standard for Information Security Management through best practices and comprehensive security controls.
ISO/IEC 27701
Global privacy standard that focuses on the collection and processing of personally identifiable information (PII).
ISO/IEC 42001
International standard for Artificial Intelligence Management, covering governance, risk controls, and responsible use of AI systems.
Frequently Asked Questions
Why are ISO/IEC 27001 and ISO/IEC 27701:2019 certifications important for technology companies?
Compliance with ISO/IEC 27001 & ISO/IEC 27701:2019, certified by an accredited auditor, demonstrates that Tekion uses internationally recognized processes and best practices to manage the infrastructure and organization that support and deliver its services. The certificate validates that Tekion has implemented the guidelines and general principles for implementing, maintaining, and improving the management of information security and privacy.
Why did Tekion pursue ISO/IEC 42001 certification?
Tekion pursued ISO/IEC 42001 certification to demonstrate responsible AI governance, ensure risk-based and ethical use of AI, align with global compliance and customer expectations, and provide independent assurance on AI controls and oversight.
How does Tekion manage AI risks?
Tekion manages AI risks through a formal risk management process that covers risk identification, evaluation, and classification. Any impact arising from the AI systems is considered against the defined risk criteria, and documented treatment plans are maintained with clear ownership, timelines, and ongoing monitoring.
How are third-party or external AI components governed?
Tekion governs third-party and external AI components by conducting vendor risk assessments, performing security, privacy, and AI risk reviews, enforcing contractual obligations, and periodically reassessing vendors based on their criticality and risk level.
How does Tekion ensure alignment with Responsible AI principles?
Tekion ensures alignment with responsible AI principles by integrating fairness, transparency, accountability, and safety into our AI policies, risk assessments, and governance processes, with ongoing monitoring throughout the AI system lifecycle.
Who is the third-party independent assessor?
British Standards Institution (BSI), an ISO certification body accredited by the ANSI National Accreditation Board (ANAB) and a member of the International Accreditation Forum (IAF). Certificates issued by BSI are recognized as valid certificates in all countries with an IAF membership. You may validate the certificates on the BSI portal.
How do Tekion's ISO certifications help its customers?
The ISO 27001 and ISO 27701 certifications validate Tekion's security and privacy compliance posture and confirm that high-quality, trustworthy information security and data privacy practices are in place.
Does Tekion adhere to information security standards and policies?
Yes. Tekion has achieved AICPA SOC 1 and SOC 2 Type II attestations. Additionally, we have formal policies and procedures addressing how we develop, implement, maintain, and improve our information security program. These policies govern, among other things, how our employees and contractors access, store, and secure customer data. The policies follow a common format, have dedicated owners and committed review periods, and cover a variety of topics ranging from securing our employees' assets to responding to security incidents.
Does Tekion perform risk assessments?
Yes. At Tekion we have developed a Risk Management Framework as part of the Information Security Management System (ISMS) in accordance with the ISO/IEC 27001:2013 standard and our SOC 1 and SOC 2 attestations. The information security team assesses security risks annually, and on an ongoing basis whenever major changes occur within the company or the industry.
How does Tekion encrypt my data?
Tekion employs industry-standard encryption to protect your data:
In Transit: All data transmitted between your systems and Tekion is encrypted using TLS 1.2 or higher.
At Rest: Customer data stored in our systems is encrypted using AES-256 encryption.
Cloud Infrastructure: Our cloud providers (AWS and Microsoft Azure) provide additional encryption layers and are SOC 2 and ISO 27001 certified.
For payment data, Tekion Pay uses tokenization—we never see or store actual card numbers.
Do you have a formal disaster recovery and business continuity plan?
Yes, Tekion has a detailed disaster recovery and business continuity plan to ensure that we recover operations quickly and efficiently in case of a disaster. This includes deploying our platform across multiple data centers with replication and implementing strict recovery deadlines to ensure our systems are running again as soon as possible.
Do you monitor third-party vendors to ensure they comply with your security standards?
Yes, we have a supplier relationships procedure that ensures that third-party service providers implement required controls under security frameworks like ISO 27001, SOC 1, SOC 2, and PCI DSS.
Does Tekion have a formal incident response plan?
Yes, our incident response plan sets forth internal guidelines for detecting incidents, escalating to security personnel, communication, investigation, mitigation, and root cause analysis. You can find the details in our Data Processing Addendum.
Does Tekion screen its employees?
Yes, we work with third-party agencies to screen all of our employees prior to joining Tekion. Where permitted by law, we conduct credit and criminal checks as well.
Does Tekion use a Software Development Life Cycle (SDLC) process to develop its customer products?
Yes. We have implemented a systems development life cycle (SDLC) procedure to develop our products and services. Our code is reviewed through both automated analysis and manual source code review to identify security weaknesses before production release. We also conduct regular vulnerability and penetration testing and remediate any identified findings. Once a product has passed our security and quality checks, the new version is released to our customers.