Encryption and Resource Access

  • Single sign-on solution for Enterprise plans
  • Two-factor authentication
  • End-to-end 256 bit HTTPS SSL encryption
  • All non-essential ports and external network interfaces blocked by default
  • No financial data or credit information is stored in any Tazio platform
  • Secure encrypted single sign-on identification service is available
  • All account passwords are stored as one-way hashes
  • All client-side communication, sessions, and input are validated server-side
  • All media assets are secured on Rackspace using signed URLs
  • All account data is encrypted and securely stored in Rackspace DB instances
  • All data is backed up in multiple remote data centresĀ 

Source Code

  • We peer review all production code
  • We have Integration tests for all critical systems
  • All sub-dependencies have been vetted for security and performance issues
  • All sub-dependencies are directly bundled into the Tazio application
  • We follow strict compliance with source code licensing and open-source licensing

Key Management

Tazio maintains a strict policy for assigning and distributing keys which may access any production or development systems.

  • Master access keys are never distributed to any employees
  • Access keys are never stored in any version control system
  • Access keys are never stored anywhere as plaintext
  • Individual access keys are generated per employee with developer only access

Secure Workstations

  • All company workstations and laptops use encryption for storing of any potentially sensitive data
  • All company workstations and laptops use anti-malware and antivirus software

Employee Awareness

  • All Tazio employees have been instructed on best practice security standards
  • Tazio employees are granted granular role access to resources
  • Any employee access to sensitive data is tracked and monitored

Data Loss / Security Breach

In the event of a loss of data or potential security breach, you will be contacted immediately and be kept updated in real-time as Tazio assesses the situation. Tazio will quickly take any measures necessary to secure and recover your data. A full incident report will be made available by Tazio should any incidents occur.

Did this answer your question?