Compliance

Helping our customers
complete their compliance
screenings and due diligence.

We continuously look for opportunities to improve in a dynamic technology landscape, so that we can give you a highly secure, scalable system that delivers a great experience.

Customer data security is an essential part of our product, processes, and team culture. Our facilities, processes, and systems are reliable, robust, and tested by reputable quality-control and data-security organizations and by internal and external auditors.

Tekion adheres to the Gramm-Leach-Bliley Act (GLBA), the California Privacy Rights Act (CPRA), the General Data Protection Regulation (GDPR), and other privacy and security laws.

GLBA

Complying with the GLBA puts financial institutions at lower risk of penalties or reputational damage caused by unauthorized sharing or loss of private customer data.


Data Processing Addendum

This addendum addresses our data obligations to you, including under CPRA, GDPR, and GLBA.


Certifications, Attestations, Standards, and Regulations

SOC1

Type II report covering internal controls over financial reporting systems

SOC2

Type II report covering Security, Availability and Confidentiality

ISO/IEC 27001

Standard for Information Security Management through best practices and comprehensive security controls.

ISO/IEC 27701

Global privacy standard that focuses on the collection and processing of personally identifiable information (PII).

Frequently Asked Questions

Why are ISO/IEC 27001 and ISO/IEC 27701:2019 certifications important for technology companies?

Compliance with ISO/IEC 27001 and ISO/IEC 27701:2019, certified by an accredited auditor, demonstrates that Tekion uses internationally recognized processes and best practices to manage the infrastructure and organization that support and deliver its services. The certificates validate that Tekion has implemented the standards' guidelines and general principles for implementing, maintaining, and improving the management of information security and privacy.

How can I get Tekion's ISO/IEC 27001 and ISO/IEC 27701 audit documentation?

Please send us an email to compliance@tekion.com or request our certificates through our Trust Portal.

Who is the third-party independent assessor?

British Standards Institution (BSI), an ISO certification body accredited by the ANSI National Accreditation Board (ANAB) and a member of the International Accreditation Forum (IAF). Certificates issued by BSI are recognized as valid in all countries with an IAF member body. You may validate the certificates on the BSI portal.

How do Tekion's ISO certifications help its customers?

The ISO/IEC 27001 and ISO/IEC 27701 certifications validate Tekion's security and privacy compliance posture and give customers independent assurance that trustworthy information security and data privacy practices are in place.

Does Tekion monitor and audit its ISMS and PIMS frameworks frequently?

Yes. Tekion conducts internal and external audits annually, scoped to the ISO/IEC 27001:2022 and ISO/IEC 27701:2019 frameworks. Continuous monitoring between audits makes it easier to detect potential weak spots and address them before they affect the business.

Does Tekion adhere to information security standards and policies?

Yes. Tekion has achieved AICPA SOC 1 and SOC 2 Type II attestations. Additionally, we have formal policies and procedures addressing how we develop, implement, maintain, and improve our information security program. These policies govern, among other things, how our employees and contractors access, store, and secure customer data. The policies follow a consistent format, have dedicated owners and committed review periods, and cover topics ranging from securing our employees' assets to responding to security incidents.

Does Tekion perform risk assessments?

Yes. Tekion has developed a Risk Management Framework as part of its Information Security Management System (ISMS) in accordance with the ISO/IEC 27001:2013 standard and its SOC 1 and SOC 2 attestations. The information security team assesses security risks annually, and on an ongoing basis when major changes occur at Tekion or in the industry.

Do you limit access to data and your systems?

Yes. Access to customer data and Tekion systems is limited on a need-to-know basis. Our information systems and data are classified and segregated to support role-based access requirements. Additionally, we use strong identification, authentication, and logging systems to centrally control, monitor, and review all critical access.

Is customer data on Tekion’s products encrypted?

Yes. Customer data is encrypted at rest and in transit using industry-standard encryption. As an entirely cloud-based platform, our customers' data is further protected by the security measures of our cloud providers, Amazon Web Services and Microsoft Azure.

Do you have a formal disaster recovery and business continuity plan?

Yes. Tekion has a detailed disaster recovery and business continuity plan to ensure that we recover operations quickly and efficiently in case of a disaster. This includes deploying our platform across multiple data centers with replication and committing to strict recovery time objectives so that our systems are running again as soon as possible.

Do you monitor third-party vendors to ensure they comply with your security standards?

Yes. Our supplier relationships procedure requires third-party service providers to implement the controls required under security frameworks such as ISO/IEC 27001, SOC 1, SOC 2, and PCI DSS.

Are all Tekion employees and contractors required to sign a non-disclosure agreement?

Yes, all new Tekion hires and contractors sign confidentiality agreements preventing misuse and unauthorized disclosure of customer data. Our employees and contractors have the same confidentiality obligations as we do to our customers.

Does Tekion have a formal incident response plan?

Yes, our incident response plan sets forth internal guidelines for detecting incidents, escalating to security personnel, communication, investigation, mitigation, and root cause analysis. You can find the details in our Data Processing Addendum.

Does Tekion screen its employees?

Yes, we work with third-party agencies to screen all of our employees prior to joining Tekion. Where permitted by law, we conduct credit and criminal checks as well.

Does Tekion use a Software Development LifeCycle (SDLC) process to develop its customer products?

Yes. We follow a systems development life cycle (SDLC) procedure for developing our products and services. Code is reviewed by automated analysis tooling and by manual source code review to identify security weaknesses before production release. We also conduct regular vulnerability scanning and penetration testing, and remediate identified findings. Once a product has passed our security and quality checks, the new version is released to our customers.

What is Tekion Pay?

Tekion Pay is a comprehensive payment platform that centralizes payments from all channels. It minimizes manual data entry, reducing errors and automating reporting for a seamless payment process. By eliminating the need for a third-party processor, it enhances accuracy and streamlines payment collection.

Does Tekion see users’ card information?

No. Tekion cannot view or access your customer's card information (e.g., credit or debit card number, expiration date, or CVV). When a customer pays using Tekion Pay, the payment terminal encrypts the card data, and Tekion receives only that encrypted form (a token) instead of the actual card number and details. Tekion passes the token to Stripe™ via secure APIs, and the token is deleted from Tekion's systems after it is passed to Stripe.

The token is an opaque representation of the card number and details. For example, a 16-digit card number may appear to Tekion as 1101 1111 1100 0000 rather than the actual card number. Only Stripe holds the key to decrypt it, and Stripe then uses the decrypted data to process the transaction through the card network and issuer (e.g., Visa, Mastercard, or American Express). Because the card data is encrypted at the terminal and Tekion cannot decrypt it, Tekion's systems never hold a usable card number. This pattern, in which card data is encrypted at the point of capture and only the payment processor can decrypt it, is widely used by banks and payment processors to move card numbers and other sensitive information.

Does Tekion need PCI DSS compliance?

Tekion does not hold its own PCI DSS certification for Tekion Pay, because card payments through Tekion Pay are captured and processed by Stripe, which powers Tekion Pay. Stripe, as the payment processor, is PCI DSS certified and maintains the security controls and compliance validations required to process credit and debit card transactions.

Tekion does not directly access any of your customer's card details. This covers card payments taken through Tekion Pay; any card data a dealer handles outside Tekion Pay remains within the dealer's own PCI DSS scope. You can find more information about Stripe's compliance functions at https://stripe.com/connect/features#compliance-and-security.
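As an added example (not Tekion's or Stripe's code), here is the check a practitioner would run to verify the claim in the two answers above that no raw card number reaches the merchant side: a scanner that looks for Luhn-valid runs of 13 to 19 digits in application logs and reports only a masked form, so the scanner itself never re-emits a card number. The log lines are constructed for this example; the one raw number is Stripe's public test card 4242 4242 4242 4242, and the token value is the illustrative one from the answer above, which is not Luhn-valid and is therefore correctly ignored, as is the 13-digit timestamp.

```python
import re

# Constructed sample of merchant-side application log lines (not real Tekion or
# Stripe logs). Line 2 leaks a raw test PAN (Stripe's public test card); the
# other lines carry only an opaque token, an order number, a timestamp and a
# masked bank account, none of which should be reported as card numbers.
SAMPLE_LOG = [
    "2024-05-01T10:00:01Z INFO  payment.start order=ORD-2024-0001 amount=412.50",
    "2024-05-01T10:00:02Z DEBUG terminal.read card=4242 4242 4242 4242 exp=12/29",
    "2024-05-01T10:00:03Z INFO  token.forward token=1101 1111 1100 0000 dest=stripe",
    "2024-05-01T10:00:04Z INFO  payout.scheduled ts=1700000000000 bank=****1234",
]

# Runs of 13-19 digits, optionally separated by single spaces or hyphens,
# not adjoining other digits on either side.
_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list:
    """Return apparent PANs (digits only) in text: 13-19 digits and Luhn-valid."""
    hits = []
    for m in _CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            hits.append(digits)
    return hits


def mask(pan: str) -> str:
    """Keep only the last four digits, the form PCI DSS allows to be displayed."""
    return "*" * (len(pan) - 4) + pan[-4:]


def scan_log(lines) -> list:
    """Return (line_number, masked_pan) for every apparent raw card number.

    Only the masked form is returned so that the finding itself does not
    become a second copy of the card number.
    """
    findings = []
    for n, line in enumerate(lines, start=1):
        for pan in find_pans(line):
            findings.append((n, mask(pan)))
    return findings


if __name__ == "__main__":
    for n, masked in scan_log(SAMPLE_LOG):
        print(f"line {n}: possible raw card number {masked}")
```

A hit means two things have to happen: the affected log data must be purged, and the logging statement that produced it must be fixed, because a system that stores a PAN, even accidentally, is inside PCI DSS scope regardless of how payments are otherwise processed. The Luhn filter is what keeps order numbers, timestamps and the terminal's token out of the results; without it, any 13-digit number would be flagged.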

How is Tekion Pay secured?

Tekion Pay is integrated into ARC, which is secured using industry best practices. Additionally, because Stripe handles all of the payment processing, we benefit from Stripe's security measures on top of our own. Stripe adopts rigorous standards to safeguard customer data and encrypts sensitive data both in transit and at rest. Stripe's infrastructure for primary account numbers (PANs), such as credit card numbers, runs in a separate hosting environment that shares no credentials with the rest of Stripe's services, and the decryption keys are stored separately as well. Finally, Stripe's card terminal is certified to the PCI Payment Application Data Security Standard (PA-DSS), which prohibits payment applications from storing sensitive authentication data. For more information, visit Stripe's security page at https://stripe.com/docs/security.

How do dealers access tax documents associated with their Tekion Pay account?

Any applicable reports can be prepared and accessed within Tekion's system. If necessary, Stripe may also provide additional year-end tax reporting. Please reach out to your partner success manager for further assistance.

What payment methods are accepted in Tekion Pay?

We accept credit/debit card, Apple Pay, Google Pay, and ACH payments.

Can I set transaction limits by payment method?

Yes, you can set transaction limits based on the payment method.

Can I accept payments online?

Yes, you can accept payments online via our Consumer Portal, Concierge, and via email and text payment links. We are continuously adding new ways to incorporate digital payments into your business.

When do I get my money in the bank?

Currently, if you have set up automatic payouts, your payouts are made two days after the transaction (all customers will be moved to automatic payouts in the coming periods, if not already). Manual payouts may take longer, depending on your bank's processing times.

Can I collect a surcharge for credit card payments?

Yes, you may add a credit card surcharge to offset the per-transaction fees that card issuers may charge you. The surcharge is a flat rate that Tekion sets for credit card transactions and is automatically added to your customer's invoice.