Security, privacy, and compliance
Talend is committed to preserving the confidentiality, integrity, availability, and traceability of all forms of information used by Talend and maintained on behalf of employees, investors, business partners, customers, and government agencies.
Talend is compliant with the following industry standards
SOC 2 Type 2
Talend has completed a full third-party SOC 2 Type 2 audit — an independent auditor has evaluated our product, infrastructure, and policies, and certifies that Talend complies with SOC 2 requirements. Read more about SOC 2 compliance.
Talend provides BAA agreements to customers who want to use personal health information with Talend products. Read more about HIPAA compliance.
Cyber Essentials Plus
Cyber Essentials Plus is the audited version of the Cyber Essentials information security framework which is a UK government-backed, industry-supported certification scheme to help organizations demonstrate operational security against common cyber-attacks. It demonstrates the controls implemented to mitigate the risk from common internet-based threats. Cyber Essentials Plus is a series of tests that provide a further level of assurance that these technical controls have been successfully implemented within Talend. The certification is available upon request. Read more about Cyber Essentials Plus.
Talend has certification for compliance with ISO/IEC 27001, an internationally recognized information security management standard and code of practice based on industry leading security best practices. This certification demonstrates that Talend is in full compliance with the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also demonstrates Talend’s full compliance with the requirements for the assessment and treatment of information security risks tailored to the needs of Talend and its customers. Talend’s ISO/IEC 27001 certification can be verified through this link.
** Talend has certification for compliance with ISO/IEC 27701:2019, the new data privacy extension to ISO/IEC 27001:2013. This certification demonstrates that Talend achieved compliance with privacy requirements to establish, implement, maintain and continually improve a robust data privacy management system. ISO/IEC 27701:2019 builds on the same information security management requirements, controls, and objectives associated with the collection and processing of personally identifiable information (PII) and other types of personal data consistent with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other data privacy requirements. Talend’s ISO/IEC 27701 certification can be verified through this link.
Talend uses the Cloud Security Alliance (CSA) Security Trust Assurance and Risk (STAR) program to assess Talend security practices and validate the security posture of Talend products. Find more information here.
Talend follows security and privacy best practices
Talend implements a combination of policies, procedures, and technologies to ensure that all data is adequately protected and secured.
Talend Data Fabric is a managed cloud integration platform hosted on Amazon Web Services and Microsoft Azure. It operates in multiple AWS and Azure regions globally. Any instance in any public cloud region can fail over to another region of the same public cloud vendor. Read Talend Data Fabric Security Architecture Overview and Talend Data Catalog Security Architecture Overview.
The status of Talend Data Fabric, planned updates, and important information about outages is available at https://trust.talend.com and, specifically for Data Catalog, at https://datacatalog.trust.talend.com
Talend uses BitSight to assess its security and demonstrate performance.
Talend maintains a business continuity plan regarding how we respond to disruptive events. The plan addresses: data backup and recovery; all mission-critical systems; financial and operational assessments and checklists; alternative communications with customers, employees, and regulators; evacuation plans; alternate physical location of employees; critical suppliers; regulatory reporting; and assuring our customers prompt access to their data if we are unable to continue our business.
Security incident response
What Talend calls a security incident is an event that, as assessed by the CISO, violates Talend policy; information security policy; other policy, standard, or code of conduct; or threatens the confidentiality, integrity, or availability of information systems or services.
Incidents may be established by review of a variety of sources, including, but not limited to, the monitoring of systems, reports from Talend staff or outside organizations (including customers or partners), and service degradations or outages. Discovered incidents will be declared and documented.
Incidents are categorized as critical, high, medium, or low importance according to their potential for exposing restricted data or the criticality of resources involved.
In the event of a security incident impacting one or more Talend customers, the CISO will trigger Talend’s Incident Response Plan and follow Talend’s Security Incident Process.
This process encompasses six phases: preparation, detection, containment, investigation, remediation, and recovery.
Throughout the entire process, the CISO will work closely with all impacted customers and make sure that they are provided with all necessary, available, and acceptable (by-laws and regulations) artifacts that help in the investigation of the incident, its remediation, and the recovery.
Common vulnerabilities and exposures (CVEs)
Talend believes effective disclosure of security vulnerabilities requires mutual trust, respect, transparency, and common good. Together, our vigilance promotes the continued security and privacy of Talend customers, products, and services. You can review our vulnerability disclosure policy and report a security vulnerability here.