Security is one of the most critical aspects of any enterprise cloud contact center. Talkdesk understands that the confidentiality, integrity and availability of our customers’ data is vital to your business operations and our own success.
This post is the final in a four-part series outlining Talkdesk’s security policies. In this post, we cover the topics of incident management, business continuity, third-party risk management, and compliance and accreditation.
Talkdesk has a rigorous incident management policy for security events that may affect the confidentiality, integrity or availability of systems or data. This policy covers four stages of the life cycle:
Each phase defines the goals for that phase, some major guidelines and who is responsible for all actions. For example:
- Detection covers the sources for events and incidents.
- Triage covers what should be evaluated in this phase
- Containment covers incident handling, including information gathering, how to avoid spreading and conditions to close the incident.
- Post-incident includes the need to do a post-mortem of the incident and incorporate learning and controls.
It also covers metrics associated with incidents and specific requirements regarding privacy incidents (aligned with GDPR, HIPAA and PCI). Additionally, it includes a severity matrix and incident classification (type of incident).
Talkdesk has a public status page that customers can subscribe to and get notifications of availability problems in our systems. For data breaches, Talkdesk will notify customers of any breaches affecting their data with a maximum SLA of 72h.
Talkdesk has a Business Continuity Management System (BCM) that includes a Business Continuity Plan (BCP) for critical business functions that are integrated and aligned with site-specific incident response plans, disaster recovery plans and crisis management plans.
The primary goal of the BCMS is to ensure organizational stability, as well as coordinate recovery of critical business functions in managing and supporting business recovery in the event of disruption or disaster. Talkdesk ensures disaster recovery plans to be tested periodically.
Additionally, Talkdesk has the highest levels of resilience and redundancy to ensure the highest level of availability. Talkdesk has Disaster Recovery in place to ensure that in case of an event impacting our infrastructure, we can keep the services running.
Get an in-depth look at Talkdesk security policies.
Third-Party Risk Management
Talkdesk evaluates new third-parties to ensure they meet our security, quality and privacy standards.
Talkdesk ensures formal agreements with them including, if applicable, clear definition of responsibilities, information security incident management, clear communication channels and points of contact for security and privacy topics (including for security incidents).
Talkdesk also conducts regular due diligence to ensure information security posture and commitment from third-parties has not degraded over time. These reviews can be performed using reports from audit firms, surveys, penetrations test results, etc.
Compliance and Accreditation
Talkdesk follows the main security frameworks such as ISO27001, NIST and OWASP, and holds several certifications such as:
- SOC2 Type II
- PCI-DSS Level 1
- CSA Star Level 1
- McAfee Enterprise Ready
- Cyber Essentials (UK)
Talkdesk has an Advanced security rating by Bitsight. We are compliant with several privacy laws such as GDPR and HIPAA, and hold a Privacy Shield certification. We are also members of Cloud Security Alliance (CSA) and CiSP.
Our infrastructure is hosted and managed within secure data centers accredited for ISO27001, SOC2 and PCI level 1.
Our dedicated security team works every day to ensure the proper measures are in place to keep your data safe. In addition to closely monitoring our threats landscape, they also conduct regular audits of our system.
At Talkdesk, we take security seriously and work every day to improve and keep your information protected. The protection of user data is a primary design consideration for all of Talkdesk infrastructure, applications and personnel operations. Protection of user data is far from being an afterthought or the focus of occasional initiatives – it’s an integral part of what we do. That’s why we have talented security professionals, industry-best technology to address risks and processes to make sure everything functions optimally.
Subscribe to the Blog
Sign up for CX and call center insights delivered weekly to your inbox.