Talexio is delivered as a Software as a Service (SaaS) offering, accessible for administration, management and usage from a supported web browser of your choice from any device or location, securely.
All our work practices are ISO 27001 certified, confirming our adherence to the highest standards for establishing, implementing, maintaining and continuously improving our information security management system (ISMS) powering our offerings.
“Design, Provision and Support of an SAAS HR Platform.”
Our Security Model
Talexio solutions are hosted on the Amazon Web Services (AWS) cloud infrastructure, located in the Frankfurt (Germany) data-centres and use a shared security model between AWS, our company and you as the Client.
The Amazon Web Services (AWS) cloud platform provides the necessary secure compute infrastructure spanning hardware, software, networking, operating system and other cloud management facilities to international and industry-grade levels. This means AWS is responsible for the ongoing security and physical access to the infrastructure that supports its cloud services, including the hardware, software, networking and facilities on which our Talexio solutions are hosted.
Talexio is responsible for developing, maintaining and managing the code, data sub-systems and parameter mechanisms that power the system. We are also responsible for ensuring customer-inputted data within the systems is stored in locations protected by proper access controls in place. This includes managing data storage, backup, and recovery and implementing data encryption and access controls. Talexio is also responsible for ensuring the security of the applications and operating systems within the cloud environment, including applying updates and security patches. Additionally, we work with AWS to manage identity and access management (IAM) and network security, including firewalls and intrusion detection/prevention systems. Overall, Talexio takes a proactive approach to secure our SaaS solution within the AWS cloud environment, including:
- Data Flow Management
- Penetration Testing
- System Testing
- Vulnerability Scans
- Encryption in Transit and at Rest
- Security Patching
- Automated Daily Backups
- Password, Multi-factor & Access Control Management
- Incident Handling Procedures
- Highly Structured Development and Change Controls
As a Talexio client, you also have some shared responsibilities in ensuring the usage of the solutions to their intended purpose and securing your data and applications within the licensed Talexio Solutions. This includes protecting your data and identities by managing the access permissions to your resources and ensuring compliance with applicable laws and regulations. You are also responsible for configuring and managing the groups and permissions on the software solution side. This includes managing identity and access management (IAM) and configuring security group firewall rules and policies. Additionally, you are responsible for ensuring the security of any client-side data input into the system, including validating input data and encoding output data. As the customer, you play an essential role in ensuring the security of your data within our applications stored on the AWS cloud environment.
Summarising the shared security model for Talexio SaaS solutions described above:
As you can see from the table above, Talexio is responsible for managing the data stored on the systems and ensuring that we have the proper access controls in place. This includes collecting data storage, backup, and recovery and implementing data encryption and access controls.
As the Client, you are responsible for configuring and managing the groups and permissions on the software solution side. This includes managing identity and access management (IAM) and configuring security group firewall rules and policies for all your employee’s devices and workstations. Talexio allows for each and every user account to make use of secure authentication with Two Factor Authentication – it is the Client’s responsibility to evaluate and potentially enforce usage with the specific users of their account.
A full IT-compliance information pack is available on request. Kindly reach out to us for more details. You can also check out these below links for more information: