Information Security
Talkdesk Organizational Security
By Steve Bell
0 min read
Security is one of the most critical aspects of any enterprise cloud contact center. Talkdesk understands that the confidentiality, integrity and availability of our customers’ data is vital to your business operations and our own success.
This blog post is the first in a four-part series outlining Talkdesk’s security policies. In this post, we cover Talkdesk’s approach to organizational security.
Security Team Structure
The Talkdesk Security Department consists of two functions/teams:
- The Information Security team is responsible for governance, risk, compliance, second line of defense, ownership of the Information Security Management System and overall security program management.
- The Engineering Security team is responsible for vulnerability management, incident detection and response, appsec assurance, management of security tools, security architecture solutions and monitoring throughout multiple stages of our software development life cycle.
Security Policies
Talkdesk has an Information Security Management System (ISMS) aligned with ISO 27001 framework that includes policies and procedures to allow a systematic approach to protecting company information and assets from internal and external threats, reducing risk levels.
These policies are readily available to all employees and include governance and risk management, human resources security, security of systems and facilities, operations management, incident management, business continuity management, monitoring and security testing and privacy.
Confidentiality Agreements
All Talkdesk partners and employees, upon joining the company and/or during their employment period, as well as certain service providers, are required to sign a non-disclosure and confidentiality agreements, demonstrating their commitment to the company and its information security principles.
Privacy
Ensuring customers’ data is used only in a manner consistent with their expectations is a responsibility we take very seriously. We back our privacy guidelines with layers of security to safeguard their data.
Human Resources Security
People connecting to the Talkdesk network are required to conduct themselves in a manner consistent with the company security policies. This includes responsibilities before, during and after employment with Talkdesk.
Code of Conduct
Talkdesk Code of Conduct and Internal Regulation addresses the appropriate use of company management of information to which employees have access to during the execution of the work agreement with Talkdesk. Those who violate the Code or Talkdesk policies and procedures will be subject to sanctions established by the labor legislation in force, up to and including dismissal, depending on the seriousness of the violation.
Security Training and Awareness
Talkdesk holds an Awareness Program with several initiatives. All Talkdesk employees undergo security training as part of the onboarding process and receive ongoing training awareness that reinforces the security principles and policies, as well as industry best practices and common pitfalls. The Information Security team also distributes company-wide security alerts on an as-needed basis as risks and threats arise.
Termination Processes
Talkdesk has established documented termination processes that define their responsibilities for the collection of information assets and removal of access rights for users who leave the company.
At Talkdesk, we take security seriously and work every day to improve and keep your information protected. The protection of user data is a primary design consideration for all of Talkdesk infrastructure, applications and personnel operations. Protection of user data is far from being an afterthought or the focus of occasional initiatives – it’s an integral part of what we do. That’s why we have talented security professionals, industry-best technology to address risks and processes to make sure everything functions optimally.
Watch for our second blog in the security series, Talkdesk Infrastructure Security.