TORKEHUB AI CRM and automation security policy
At TORKEHUB, we deeply value the security and confidentiality of your data, whether it is through our AI CRM or Automation capabilities. We have implemented comprehensive measures to ensure that your information remains safe and protected. Here are the key points of our security policy:
Section 1: Data security
Secure by design
Every modification and introduction of new features at TORKEHUB adheres to a meticulous change management policy, ensuring that all alterations to applications are duly authorized before being implemented in the production environment. Our Software Development Life Cycle (SDLC) mandates strict adherence to secure coding guidelines. All code changes undergo thorough scrutiny for potential security issues, utilizing code analyzer tools, vulnerability scanners, and manual review processes.
Our robust security framework, aligned with OWASP standards and integrated at the application layer, incorporates functionalities designed to counter threats such as SQL injection, Cross-Site Scripting, and application layer Denial-of-Service (DOS) attacks.
Data Isolation
TORKEHUBframework effectively distributes and upholds cloud space for individual customers. Each customer's service data undergoes logical separation from other customers' data, achieved through secure protocols embedded in the framework. This meticulous approach ensures that no customer's service data becomes accessible to another customer.
Service data is stored on our servers when using TORKEHUB services. Ownership of your data resides with you, and TORKEHUB does not share this data with any third-party without your explicit consent.
Encryption
In Transit: All customer data transmitted to our servers over public networks benefits from robust encryption protocols. TORKEHUB mandates the use of Transport Layer Security (TLS 1.2/1.3) encryption with strong ciphers for all connections, including web access, API access, mobile apps, and IMAP/POP/SMTP email client access. This ensures secure connections by authenticating both parties and encrypting data during transfer. For email services, we default to opportunistic TLS , securing email delivery and mitigating eavesdropping between mail servers where peer services support this protocol.
We fully support Perfect Forward Secrecy (PFS) with our encrypted connections, ensuring that even if compromised in the future, no previous communication can be decrypted. Implementation of the HTTP Strict Transport Security header (HSTS) on all web connections directs modern browsers to connect only over encrypted channels. Additionally, all authentication cookies on our web platform are flagged as secure.
At Rest: Sensitive customer data at rest undergoes encryption using the robust 256-bit Advanced Encryption Standard (AES) Encryption specifics vary with the services you opt for. TORKEHUB owns and manages keys through an in-house Key Management Service (KMS). An additional layer of security is added by encrypting data encryption keys using master keys. These master keys and data encryption keys are physically separated and stored in different servers with restricted access.
Data retention and disposal
We retain data in your account for the duration of your TORKEHUB services usage. upon termination of your TORKEHUB user account, your data is expunged from the active database during the subsequent cleanup, occurring every 6 months. data deleted from the active database is further removed from backups after 3 months. In instances where your unpaid account remains inactive for a continuous period of 120 days, we reserve the right to terminate it, providing prior notice and an option to back up your data.
A verified and authorized vendor conducts the disposal of unusable devices, which are categorized and securely stored until disposal. any information within these devices is formatted before disposal. failed hard drives undergo degaussing followed by physical destruction using a shredder. failed solid state devices (SSDs) undergo crypto-erasure before being shredded.
Section 2: organizational security
Employee background checks
Every TORKEHUB employee undergoes a thorough background verification process conducted by reputable external agencies. this includes scrutiny of criminal records, previous employment history, if any, and educational background. employees are not assigned tasks with potential risks to users until the background verification is successfully completed.
Security awareness
Upon induction, each employee signs a confidentiality agreement and acceptable use policy. subsequently, they undergo training in information security, privacy, and compliance. evaluation of their understanding through tests and quizzes guides further training on specific security aspects based on their roles.
Continuous education on information security, privacy, and compliance is facilitated through our internal community, where regular check-ins occur to keep employees abreast of organizational security practices. Internal events are also hosted to enhance awareness and foster innovation in security and privacy.
Dedicated security and privacy teams
TORKEHUB boasts dedicated security and privacy teams responsible for implementing and managing security and privacy programs. these teams engineer and maintain defense systems, formulate review processes for security, and conduct ongoing network monitoring to detect suspicious activity. they offer domain-specific consulting services and guidance to our engineering teams.
Internal audit and compliance
A dedicated compliance team ensures the alignment of procedures and policies within TORKEHUB with established standards. periodic internal audits are conducted, and the team facilitates independent audits and assessments by third parties.
Endpoint security
All workstations provided to TORKEHUB employees run on up-to-date operating system versions and are equipped with anti-virus software. configured to comply with our stringent security standards, workstations are regularly patched, tracked, and monitored by TORKEHUB's endpoint management solutions. these workstations are inherently secure, featuring encryption of data at rest, robust password protection, and automatic locking when idle. mobile devices utilized for business purposes are enrolled in the mobile device management system to ensure adherence to our security standards.
Section 3: operational security
Logging and monitoring
At TORKEHUB, we uphold a robust logging and monitoring system, meticulously analyzing information derived from services, internal network traffic, and device usage. event logs, audit logs, fault logs, administrator logs, and operator logs are diligently recorded. these logs undergo automated monitoring and analysis to identify anomalies, such as unusual activity in employees' accounts or attempts to access customer data. stored on a secure server isolated from full system access, we manage access control centrally to ensure availability.
Comprehensive audit logging, encompassing all user-performed update and delete operations, is transparently available to our customers in every TORKEHUB service.
Vulnerability management
Our dedicated vulnerability management process actively employs certified third-party scanning tools, in-house tools, and automated/manual penetration testing efforts to scan for security threats. our security team vigilantly reviews inbound security reports, monitors public channels for security incidents, and prioritizes vulnerabilities based on severity. Identified vulnerabilities are logged, assigned an owner, and tracked until closure through patching or relevant controls.
Malware and spam protection
TORKEHUB employs an automated scanning system to rigorously scan all user files, preventing malware dissemination throughout our ecosystem. our custom anti-malware engine, regularly updated from external threat intelligence sources, scans files against blacklisted signatures and malicious patterns. our proprietary detection engine, integrated with machine learning techniques, ensures robust protection against malware.
Supporting domain-based message authentication, reporting, and conformance (DMARC) to prevent spam, we utilize SPF and DKIM for message authenticity verification. our proprietary detection engine combats abuse of TORKEHUB services, addressing phishing and spam activities. additionally, a dedicated anti-spam team monitors signals and manages abuse complaints.
Backup
TORKEHUB conducts incremental daily backups and weekly full backups of databases using the TORKEHUB admin console (TAC) for TORKEHUB's data centers. stored in the same location and encrypted with AES-256 bit algorithms, backup data is maintained in tar.gz format. all backups are retained for three months. upon customer request for data recovery within this retention period, data is restored, and secure access is provided. the restoration timeline depends on data size and complexity.
To enhance data safety, a redundant array of independent disks (RAID) is employed in backup servers. regularly scheduled and tracked, backups undergo automatic integrity and validation checks through the TAC tool.
From your perspective, we strongly recommend scheduling regular data backups by exporting them from the respective TORKEHUB services and storing them locally in your infrastructure.
Disaster recovery and business continuity
TORKEHUB stores application data on resilient, replicated storage across data centers. In case of primary data center failure, the secondary center seamlessly takes over operations with minimal downtime. equipped with multiple ISPs, both centers ensure uninterrupted service. physical measures, including power backup, temperature control, and fire prevention, contribute to business continuity. a business continuity plan is in place for major operations, guaranteeing resilience in support and infrastructure management.
Section 3: Identity and access control
Single sign-on (SSO)
TORKEHUB implements single sign-on (SSO), streamlining user access across multiple services through a unified sign-in page and authentication credentials managed by our integrated Identity and access management (IAM) service. additionally, we extend support for security assertion markup language (SAML), allowing customers to integrate their company's identity provider, such as LDAP or ADFS, during TORKEHUB services login.
SSO not only simplifies the login process but also ensures compliance, offers robust access control and reporting, and mitigates the risk of password fatigue, consequently reducing vulnerabilities associated with weak passwords.
Multi-factor authentication
To bolster security, TORKEHUB implements multi-factor authentication (MFA), adding an extra layer of verification beyond the password. this approach significantly reduces the risk of unauthorized access, particularly in cases where a user's password is compromised. our system supports diverse MFA modes such as biometric touch ID or face ID, push notification, QR code, and time-based one-time passwords (OTP).
Administrative access
Stringent measures are in place to govern administrative access. technical access controls and internal policies prohibit employees from arbitrarily accessing user data. adhering to the principles of least privilege and role-based permissions, we minimize the risk of data exposure.
Access to production environments is centralized and authenticated using a combination of robust passwords, two-factor authentication, and passphrase-protected SSH keys. this access is facilitated through a segregated network with stringent rules and fortified devices. additionally, we meticulously log all operations and conduct periodic audits to ensure compliance and security.
Section 4: customer controls for security
In our commitment to providing robust security measures at TORKEHUB, we recognize the essential role customers play in maintaining a secure environment. here are imperative actions customers can undertake to fortify security from their end:
1. Choose a unique, strong password: select a distinctive and robust password, ensuring its protection and confidentiality.
2. Implement multi-factor authentication (MFA): enhance security by enabling MFA, adding an extra layer of verification to your account.
3. Utilize latest software versions: employ the latest browser versions, mobile operating systems, and updated mobile applications. this ensures the application of security patches, guarding against vulnerabilities, and leveraging the latest security features.
4. Exercise prudence in data sharing: when sharing data within our cloud environment, exercise reasonable precautions to maintain data integrity and confidentiality.
5. Classify and label Information: categorize information into personal or sensitive categories and label them accordingly for a structured approach to data management.
6. Monitor account activities: regularly monitor devices linked to your account, active web sessions, and third-party access. Identify anomalies in account activities and manage roles and privileges effectively.
7. Stay Informed about phishing and malware: be vigilant against phishing and malware threats. exercise caution with unfamiliar emails, websites, and links that may attempt to exploit sensitive information by impersonating TORKEHUB or other trusted services.
For a comprehensive understanding of how you can collaborate with TORKEHUB to establish a secure cloud environment, please refer to our resource on "understanding shared responsibility with TORKEHUB." this detailed analysis delves into the shared responsibility model, outlining the collaborative efforts required from both our customers and TORKEHUB to uphold individual responsibilities in the realm of cloud security and privacy.
Conclusion
At TORKEHUB, safeguarding the security of your data is not just a commitment; it's your inherent right and an ongoing mission for us. our relentless dedication to maintaining the integrity of your data remains unwavering. we persistently strive to elevate the standards of data security, ensuring that your trust in TORKEHUB is upheld at every juncture.
For any additional inquiries regarding this critical matter, we encourage you to explore our comprehensive frequently asked questions (FAQs) section. alternatively, feel free to reach out to us directly at security@torkehub.com .your security matters, and at TORKEHUB, we are steadfast in our pursuit of excellence in data protection.