We understand that data security comes first. That’s why we invest in teams and technology to consistently better our security by protecting not only our operations but also your business. Since 2017, Talview has been fortunate to gain the trust of its customers to professionally and securely provide services and handle/store any data. We pride ourselves in providing our customers and any other stakeholders with best-in-class security practices that ensure that their data is in safe hands.
With that trust, Talview has put in place several organization-wide and business-wide security protocols that ensure data protection and security of its users.
End-To-End Encryption: We use end-to-end data encryption for any data in motion or data at rest on our platform or network. All connections to our platform are made via High grade SSL connections only. Vulnerable legacy protocols (e.g., TLS 1.0) and handshake mechanisms are disabled explicitly. The keys are changed regularly for added protection. Talview is not vulnerable to POODLE, Heartbleed, or shellshock attacks.
Classification of Data: We classify all our data into three categories, according to the level of security required. In descending order of sensitivity, these categories are Confidential, Internal Use Only, and Restricted Use. Any action to be taken for or against any data breach is treated differently according to the severity of the category it falls into.
Secure Operations and Access: All access to customer data is governed by a permission management system with periodic review of permissions. All changes affected in the permissions management tool are captured in an audit. When changes in an employee’s job function occur that potentially leads to account switching, continued access is explicitly approved to the account or automatically revoked.
Every access grant is reviewed and re-approved if access is revoked by default. Access is automatically revoked when we terminate an employee, removing the user from all our systems.
Threat Management: We perform Data Protection Impact Assessment (DPIA) to determine the maturity level of a Privacy/Data Protection framework. Where the processing of Personal Data or Special Categories of Personal data by Talview is likely to result in a risk to the rights and freedoms of Data Subjects, considering the proposed nature, scope, context, and purposes of the processing, a DPIA should be carried out.
Hardware Security: In order to safeguard private information, Talview has appropriate security safeguards that ensure that Personal Information is appropriately secured against: loss, unauthorized access, use, modification or disclosure, and other misuse. Talview also ensures that Personal electronic data shall be subject to appropriate stringent controls, such as passwords, encryption, access logs, back-ups, etc.
Physical Security: We have put together a Data Security Committee that looks after procedures and guidelines concerning the collection, storage, use, and safekeeping of data, to update this policy as necessary, and direct the responsive actions in the event of any material violation of this policy or any Security Breach.
Talview leverages an external-third party vendor to carry out the vulnerability and penetration testing of its application, network, and infrastructure. The assessment is carried out every 6 months.
If you come across a security vulnerability threat on Talview platform, please inform us right away. We will investigate your concern and do our best to fix valid issues quickly.
You can submit your report on firstname.lastname@example.org and our security team will respond as soon as possible.