Talend is committed to preserving the confidentiality, integrity, availability, and traceability of all forms of information used by Talend and maintained on behalf of employees, investors, business partners, customers, and government agencies.
Talend is compliant with the following industry standards
SOC 2 Type 2
Talend has completed a full third-party SOC 2 Type 2 audit — an independent auditor has evaluated our product, infrastructure, and policies, and certifies that Talend complies with SOC 2 requirements.
Talend uses the Cloud Security Alliance (CSA) Security Trust Assurance and Risk (STAR) program to assess Talend security practices and validate the security posture of Talend products.
Cyber Essentials is a UK government-backed, industry-supported certification scheme to help organizations demonstrate operational security against common cyber-attacks. It demonstrates the baseline controls Talend implements to mitigate the risk from common internet-based threats, within the context of the UK government’s 10 Steps to Cyber Security.
Talend follows security and privacy best practices
Talend implements a combination of policies, procedures, and technologies to ensure that all data is adequately protected and secured.
Talend uses BitSight to assess its security and demonstrate performance.
Talend maintains a business continuity plan regarding how we respond to disruptive events. The plan addresses: data backup and recovery; all mission-critical systems; financial and operational assessments and checklists; alternative communications with customers, employees, and regulators; evacuation plans; alternate physical location of employees; critical suppliers; regulatory reporting; and assuring our customers prompt access to their data if we are unable to continue our business.
Security incident response
Talend defines a security incident as an event that, as assessed by the CISO, violates Talend policy, information security policy, or another policy, standard, or code of conduct, or that threatens the confidentiality, integrity, or availability of information systems or services.
Incidents may be identified through review of a variety of sources, including, but not limited to, the monitoring of systems, reports from Talend staff or outside organizations (including customers or partners), and service degradations or outages. Discovered incidents will be declared and documented.
Incidents are categorized as critical, high, medium, or low importance according to their potential for exposing restricted data or the criticality of resources involved.
In the event of a security incident impacting one or more Talend customers, the CISO will trigger Talend’s Incident Response Plan and follow Talend’s Security Incident Process.
This process encompasses six phases: preparation, detection, containment, investigation, remediation, and recovery.
Throughout the entire process, the CISO will work closely with all impacted customers and make sure that they are provided with all necessary, available, and acceptable (under laws and regulations) artifacts that help in the investigation of the incident, its remediation, and the recovery.