Technical and Organizational Measures

This document describes technical and organizational security measures and controls implemented by Talon Storage Solutions, Inc (“Talon”) to protect the data customers entrust to us as part of the Talon FAST software subscription.

Within this document, the following definitions apply:

  • “Customer” means a subscriber to any software or Service provided by Talon.
  • “Customer Data” means any information provided or submitted by the Customer that is processed by Talon to utilize the Talon software.
  • “Customer Infrastructure” means the infrastructure used by the customer to deploy and access software and storage services. This includes data centers, physical locations and virtual (cloud) locations used by the customer. Customer is solely responsible for deployment, management and security of Customer Infrastructure.
  • “Customer Personal Data” means Personal Data related to a Customer employee, owner, contractor or any other natural person associated with the Customer.
  • “Personal Data” means any information relating to an identified or identifiable natural person as defined by GDPR regulations.
  • “Strong Encryption” means the use of industry standard encryption measures.
  • “Talon FAST” means the Software-as-a-Subscription provided by Talon to our Customers. Such software is downloaded by the Customer and installed/operated in Customer Infrastructure.
  • “Talon Infrastructure” means infrastructure used by Talon to deploy and access software and storage services.
  • “Talon Operational Data” means information related to the operation and maintenance of Talon systems, such as software licenses, configuration information and Talon diagnostic logs. Talon Operational Data does not include the actual Customer Data accessed through or stored on Talon Software. Talon Operational Data does not include any Personal Data.
  • “Talon Personnel” means Talon employees, authorized individual contractors, and employees of Talon vendors.

This document is a high-level overview of Talon’s technical and organizational measures.

Talon may change these measures from time to time to adapt to the evolving security landscape and where required will notify customers of these changes.

1. Organization of Information Security

Objective:

To outline Talon’s information security structure.

Measures:

  • Talon has designated Talon Personnel responsible for information security.
  • For the purposes of information security, designated Talon Personnel report directly to the Talon senior leadership team.
  • Talon has a comprehensive set of information security policies, approved by senior management and disseminated to all Talon Personnel who may have access to Customer Data.

2. Information Security Processes and Procedures

Objective:

To demonstrate Talon’s commitment to eliminate risks associated with information security to Customer Data.

Measures:

  • Talon has a defined set of policies and procedures for systematically managing Customer Data.
  • Talon’s Information Security Processes and Procedures depend on isolating Customer Personal Data from all Talon Infrastructure and Talon Personnel.
    • Talon never stores, manages, operates, or otherwise interacts with any Customer Data, other than Talon Operational Data.
    • Talon Personnel are prohibited from accessing Customer Data, other than Talon Operational Data.

3. Physical Access

Objective:

To understand the physical assets that contain Customer Data.

Measures:

  • Talon FAST software only operates in Customer Infrastructure. Customer Data, other than Talon Operational Data, never leaves the Customer Infrastructure. The Customer is responsible for physical security and access control to the Customer Infrastructure.
  • The only Customer Data stored in Talon Infrastructure is the Talon Operational Data, which never contains any Personal Data.
    • Talon Operational Data that is stored in the Talon Infrastructure is a subset of the Customer Data stored on Talon FAST software in the Customer Infrastructure.

4. System Access

Objective:

To ensure systems containing Customer Data are used only by approved, authenticated users.

Measures:

  • Access to Customer Infrastructure is only possible through Customer-authorized and Customer-controlled secure systems, such as a VPN or a web-based access system (e.g. WebEx). Customer may refuse, revoke or restrict such access at any time without notice.
    • Only authorized Talon Personnel are allowed access to the Customer Infrastructure.
    • Access to Customer Infrastructure is limited to Talon Operational Data.
  • Access to Talon Operational Data stored on Talon Infrastructure is limited to authorized Talon Personnel.
    • All access is provided using secure web portals where only authorized Talon Personnel have login privileges.

5. Data Access

Objective:

To ensure Personnel entitled to use systems gain access only to the Customer Data that they are authorized to access.

Measures:

  • Talon Personnel are prohibited from accessing, copying or storing Customer Data, except Talon Operational Data.
  • Talon Operational Data may only be accessed by Talon Personnel specifically approved for such access.
  • Customer Data on Customer Infrastructure may only be accessed when requested by the Customer.
  • Access to Talon Operational Data on Talon Infrastructure is protected by Role Based Access Controls.

6. Data Transmission/Storage/Destruction

Objective:

To ensure Customer Data is not read, copied, altered, or deleted by unauthorized parties during transfer/storage.

Measures:

  • Only Talon Operational Data is stored in the Talon Infrastructure. No other Customer Data is stored on the Talon Infrastructure.
    • Talon Operational Data stored in Talon Infrastructure is stored with strong encryption.
    • Customer may request a copy of Talon Operational Data at any time using their customer service contact.
  • Customer may access the Talon Infrastructure through Talon web portals to obtain licenses and open support tickets.
    • All Talon Operational Data is transmitted to and from Talon Infrastructure using Talon portals.
    • All Talon web portals are secured through SSL.
    • Customer is provided a one-time password during onboarding, which needs to be changed when the customer first logs in. The password is never stored in decryptable form and is never shared with Talon Personnel.
    • Customers can only access their own Talon Operational Data.

7. Confidentiality and Integrity

Objective:

To ensure Customer Data remains confidential throughout processing and remains intact, complete, and current during processing activities.

Measures:

  • Talon prohibits all Talon Personnel from accessing Customer Data, other than Talon Operational Data.
  • Customer Data, other than Talon Operational Data, never leaves the Customer Infrastructure. In particular, Customer Data, other than Talon Operational Data, is never copied to or accessed from Talon Infrastructure or by Talon Personnel.
  • In the event that Customer Data, other than Talon Operational Data, is accidentally shared or accessed, Talon Personnel are required to immediately delete any and all copies.
  • Talon Personnel are prohibited from sharing any Customer Data with third parties.
  • Talon does not share any Customer Data with third parties.