What Talend calls a security incident is an event that, as assessed by the CISO, violates Talend policy; information security policy; other policy, standard, or code of conduct; or threatens the confidentiality, integrity, or availability of information systems or services.
Incidents may be established by review of a variety of sources, including, but not limited to, the monitoring of systems, reports from Talend staff or outside organizations (including customers or partners), and service degradations or outages. Discovered incidents will be declared and documented.
Incidents are categorized as critical, high, medium, or low importance according to their potential for exposing restricted data or the criticality of resources involved. In the event of a security incident impacting one or more Talend customers, the CISO will trigger Talend’s Incident Response Plan and follow Talend’s Security Incident Process.
This process encompasses six phases: preparation, detection, containment, investigation, remediation, and recovery.
Throughout the entire process, the CISO will work closely with all impacted customers and make sure that they are provided with all necessary, available, and acceptable (by laws and regulations) artifacts that help in the investigation of the incident, its remediation, and the recovery.