Tenzo Trust Center
Tenzo is in compliance with security best practices, has implemented and is monitoring comprehensive controls, and maintains policies to outline its security procedures.
Compliance
Resources
SOC 2 Type II Report
SOC 2 Type I Report
Chief Information Security Officer (CISO) Policy
Business Continuity and Disaster Recovery
Personnel Security Policy
Controls
Password rules enforced
Production access keys restricted and key management services
Access control procedures
Least-privilege access strictly enforced for produciton infrastructure
Sensitive Data Classification & Access Control
Encryption of data
Secure disposal of electronic media containing sensitive data (PII, ePHI, etc.)
Data Retention and Secure Deletion Policies
Documented security & privacy risk management process
6 year retention of HIPAA documentation
Source code tool
Sample code changes
Outsourced Development Management
Documented secure development and emergency change procedures
Business continuity and disaster recovery testing
Intrusion detection tool
Infrastructure firewall
Infrastructure baseline hardening policy
Network diagram
Incident response procedures documented
Security incident list
Business continuity plans ensure emergency functionality
Alerts and remediation
Whistleblower policy
Log management tool
Vendor management program
Annual risk assessments performed
New employee and contractor agreements
Customer onboarding
Background checks
Background checks performed on contractors
Employee annual performance reports
Multi-availability zones
Automatic Session Timeout Enforcement
Customer termination
Information security policies and procedures
Authorized Communication of Material System Changes
Asset register list