We believe in being as open and transparent as possible. Here, you can browse for the answers to security questions commonly asked in the RFI process.
If there's a security question you have that's not answered, contact us.
How can we help?
User data is encrypted in transit via HTTPS/SSL
Configurable access roles within the system control who can access information via the system.
Data is segregated at the database layer so no one outside your organisation can access your data.
All client instances of TalonFMS are managed by our Business Continuity Management Policy.
Standard employment background checks are carried out by an independent third party.
Data access is controlled via configurable roles with access permissions. Our employees/contractors use these roles to access data via the system and do not have direct access to database unless nominated and for special support purposes.
We do not store any physical copies of customer data. Digital data is deleted in situ.
All incidents are handled as per the process defined in our Incident Management Policy.
Standard system actions are logged. Client access to these can be discussed during implementation based on your individual requirements.
Our database offers High Durability via a combination of physical and logical backups. Static assets on S3 have durability outlined here https://aws.amazon.com/s3/faqs/
You would typically retain control over your data but details are agreed during contractual process.
Backups are made daily and stored securely in Amazon Web Services. In addition, backups may be made periodically for maintenance purposes.
Yes. TalonFMS has been externally audited by an independent UKAS accredited certification body and has achieved ISO 27001:2013 certification. Our Business System Manual is available to interested parties on request. Contact: [email protected]