Tekion’s products are built
with security at their core.
Data Storage Site Security
The sites where your data is stored, including data centers, offices, and off-site storage facilities, will have appropriate and physical security controls.
These measures include:
The networks on which your data will be transmitted will be protected from unauthorized access or infiltration, either internally or externally.
The measures that will be taken to ensure this includes:
The technology on which your data is stored, including servers, workstations and laptops, cloud service and other portable media will be protected from known threats by:
The measures that will be taken to ensure this will include:
The confidentiality of your data will be maintained by protecting such data wherever it is stored, and whenever it is transmitted.
These processes and procedures may include:
Your data will be accessed only by Tekion authorized personnel through such means as:
We will ensure that appropriate aspects of good security practice are enforced when processing any of your data.
These processes include:
Staff and 3rd Party Security Procedures
We will ensure and maintain the integrity of personnel accessing your data by:
Third party subcontractors will be bound to technical and organizational measures that are at least as rigorous as the measures that We commit to You. We continuously review these measures and update them as needed to keep in line with industry standards. If requested, We will provide You with a description of our current measures.
Data Breach Procedures
We have established a set of data breach security procedures that include the following elements:
Availability and continuity
System availability is our top priority. To that end, we maintain multiple geographically diverse data centers and have implemented robust disaster recovery and business continuity programs. For more information on our service levels, please see Our Service Level Agreement.
Security built upon a strong foundation
As an end-to-end cloud native platform, our products and services leverage the state-of-the-art security provided by Azure and AWS to keep your data and our products secure.
Click the following links for more information on how Azure and AWS secure your information in their data centers.
Frequently Asked Questions
Does Tekion have any internal policies regarding data privacy and information security?
Tekion has formal policies and procedures addressing how we develop, implement, maintain, and improve our robust information security program. We also have several internal policies governing how our employees and contractors access, store, and secure customer data. These policies follow a similar format, have dedicated owners, and committed review periods. The policies cover a variety of topics ranging from securing our employees’ assets to responding to security incidents.
Who has access to our data?
Additionally, our products have audit trails to give customers visibility over access to their data in Tekion’s systems, including their employees and third-party vendors. Please contact your solutions specialist for more information on obtaining this information.
Have you undergone any industry recognized security audits such as ISO 27001 or SOC? If so, what is the date of the most recent audit?
Tekion is SOC 2 Type 2 and SOC 1 Type 2 compliant. SOC 2 Type 2 compliance is an internal controls report describing how companies safeguard customer data and how well those controls operate. SOC 1 Type 2 compliance is an internal controls report that allows our customers to assess how Tekion’s controls impact their controls for financial reporting. Both our SOC 1 and SOC 2 reports are issued by an independent third-party accredited auditor. Please contact us at email@example.com to obtain our latest reports.
Tekion is also pursuing an ISO 27001 certification, which is the leading international standard to help organizations protect their and their customers’ information. We expect to have this certification by Q2 2023.
Do you have an appointed information security officer?
Yes – please contact firstname.lastname@example.org for more information.
Have you performed an information security risk assessment within the last year?
Yes, Tekion conducts security risk assessments on an ongoing basis before every major release. Additionally, Tekion uses a third-party information security firm to conduct penetration tests on its systems containing customer data. The most recent vulnerability test is in October 2022.
Is data stored on Tekion’s products encrypted?
We use high standards of encryption slammed to secure our customer data at rest and in transit. And as an entirely cloud-based platform, our customers’ data is further secured by the state-of-the-art measures used by our cloud providers, Amazon Web Service and Microsoft Azure. To learn more about our security practices, please see our security measures page.
Does Tekion use multi-factor authentication?
Yes. Multi-factor authentication (MFA) is one of several tools that we use to secure data in our products and our internal systems. Authorized Tekion employees and contractors may only access Tekion systems and databases holding customer data through MFA. On the product side, MFA is enabled by default.
Do you have a formal disaster recovery/business continuity plan?
Yes, Tekion has a detailed disaster recovery and business continuity plan to ensure that we recover operations quickly and efficiently in case of a disaster. This includes deploying our platform across multiple data centers with replication and implementing strict recovery deadlines to ensure our systems are running again as soon as possible.
Do you conduct information security training for your workforce?
We provide formal information security training to all employees during their onboarding process and follow up with regular information security refresher trainings at least annually. We also utilize social engineering and phishing simulations to ensure that our employees recognize tactics used by hackers.
Do you have a vulnerability management, penetration testing or bug bounty programs? If so, which apply?
Yes, Tekion has a vulnerability management program. We also regularly conduct vulnerability assessment and penetration testing (VA/PT) as well. While we do not have a formal bug bounty program, we promptly investigate any reported security flaws and risks and address them as quickly as possible. To report a potential security risk, please contact email@example.com.
Does Tekion have a formal incident response plan?
Yes, our incident response plan sets forth internal guidelines for detecting incidents, escalating to security personnel, communication, investigation, mitigation, and root cause analysis. You can find the details in our Data Processing Addendum.
Does Tekion screen its employees?
Yes, we work with third-party agencies to screen all of our employees prior to joining Tekion. Where permitted by law, we conduct credit and criminal checks as well.
Does Tekion have a process to audit its data protection and security procedures?
Yes. We perform comprehensive security evaluations as part of our annual compliance audits, which involve an independent assessment by external audit firm(s). Additionally, we perform operational audits in high-risk areas of our business.
Do you monitor third-party vendors to ensure they comply with your security standards?
Yes, we have a supplier relationships procedure that ensures that third-party service providers implement required controls under security frameworks like ISO 27001, SOC 1, SOC 2, and PCI DSS.
Are all Tekion employees and contractors required to sign a non-disclosure agreement?
Yes, all new Tekion hires and contractors sign confidentiality agreements preventing misuse and unauthorized disclosure of customer data. Our employees and contractors have the same confidentiality obligations as we do to our customers.
Do you have Service Level Availability Policy (SLA) in place and communicated to the customer?
Yes, Please click here for the Service Level Availability Policy (SLA) and it has been posted on our website (Tekion Home page >> Legal >> Tekion® ARC Service Level Agreement)