Security, privacy, and compliance

Talend is committed to preserving the confidentiality, integrity, availability, and traceability of all forms of information used by Talend and maintained on behalf of employees, investors, business partners, customers, and government agencies.

Talend is compliant with the following industry standards

 

Soc II Type 2 seal

SOC 2 Type II

Talend has completed a full third-party SOC 2 Type II audit – an independent auditor has evaluated our product, infrastructure, and policies, and certifies that Talend complies with SOC2 requirements.
Read more about SOC2 compliance

 

HIPAA seal

HIPAA

Talend provide BAA agreement to customers who want to use personal health information with Talend products.
Read more about HIPAA compliance

 

GDPR seal

GDPR

Talend is in full compliance with the European Union’s Global Data Protection Regulation (GDPR). The Talend Terms of Use includes a Data Processing Addendum (DPA) that enacts standard contractual clauses set forth by the European Commission to establish a legal basis for cross-border data transfers from the EU. The Talend Privacy Policy also includes specific GDPR requirements.
Read Talend Privacy policies

 

 

CSA Star seal

CSA STAR

Talend uses the Cloud Security Alliance (CSA) Security Trust Assurance and Risk (STAR) program to assess Talend security practices and validate the security posture of Talend  products. More information here.

 

Cyber Essentials seal

Cyber Essentials

Cyber Essentials is a UK Government-backed, industry-supported certification scheme introduced in the UK to help organizations demonstrate operational security against common cyber-attacks. It demonstrates the baseline controls Talend implements to mitigate the risk from common Internet-based threats, within the context of the UK Government’s “10 Steps to Cyber Security”.  

 

Talend follows security and privacy best practices

Talend implements a combination of policies, procedures, and technologies to ensure that all data are adequately protected and secured.

  • Product security

    Talend Data Fabric is a managed cloud integration platform hosted on Amazon Web Services and Microsoft Azure. It operates in multiple AWS and Azure regions globally. Any instance in any public cloud region can failover to another region of the same public cloud vendor.  Read Talend Data Fabric Security Architecture Overview.

  • Product status

    Talend makes sure that the status of Talend Data Fabric, planned updates and important information about outages are available at https://trust.talend.com 

  •  Security rating

    Talend uses Bitsight to assess its security and demonstrate performance. Please subscribe to Bitsight to see Talend Bitsight security score.  

Business continuity

Talend maintains a Business Continuity Plan regarding how we will respond to disruptive events. The plan addresses: data backup and recovery; all mission critical functions systems; financial and operational assessments and checklists; alternative communications with customers, employees, and regulators; evacuation plans; alternate physical location of employees; critical suppliers; regulatory reporting; and assuring our customers prompt access to their data if we are unable to continue our business.

Security incident response

What Talend calls a security incident is an event that, as assessed by the CISO, violates Talend policy; information security policy; other policy, standard, or code of conduct; or threatens the confidentiality, integrity, or availability of information systems or services.

Incidents may be established by review of a variety of sources including, but not limited to the monitoring of systems, reports from Talend staff or outside organizations (including customers or partners) and service degradations or outages. Discovered incidents will be declared and documented.

Incidents will be categorized according to potential for restricted data exposure or criticality of resources using a Critical-High-Medium-Low designation.

In the event of a security incident impacting one or more Talend customers, the CISO will trigger Talend’s Incident Response Plan and follow Talend’s Security Incident Process. 

This process encompasses six phases: preparation, detection, containment, investigation, remediation and recovery.

Throughout the entire process, the CISO will work closely with all impacted customers and make sure that they are provided with all necessary, available and acceptable (by laws and regulations) artifacts that help in the investigation of the incident, its remediation and recovery.