Compliance

What enterprise security and compliance does Tallyfy provide?

Tallyfy® maintains enterprise-grade security infrastructure and comprehensive data protection protocols.

Our platform adheres to rigorous compliance standards and industry-leading security frameworks. This section details our cybersecurity governance and compliance methodology.

What is Tallyfy’s SOC 2 Type 2 compliance certification?

Tallyfy® has successfully achieved SOC 2 Type 2 compliance certification through comprehensive third-party security assessments of our business process management platform.

  • Assessment Period: This compliance evaluation encompassed May 21, 2024, to August 21, 2024.
  • Scope Coverage: The assessment evaluated Security controls according to AICPA Trust Services Criteria frameworks.
  • Independent Auditor: Prescient Assurance LLC conducted the comprehensive security compliance assessment.
  • Compliance Status: Tallyfy® maintains continuous SOC 2 Type 2 adherence through systematic monitoring and annual certification renewals. The subsequent assessment cycle concludes August 21, 2025.

This SOC 2 Type 2 attestation validates Tallyfy® security control effectiveness and operational reliability over the specified evaluation period.

What security governance framework does Tallyfy use?

Tallyfy® implements comprehensive cybersecurity measures aligned with industry-standard data protection frameworks.

Our security architecture encompasses:

How does Tallyfy manage identity and access?

  • Principle of Least Privilege: Users receive access exclusively to resources essential for designated role functions.
  • Multi-Factor Authentication: Authentication protocols require unique credentials supplemented by secondary verification mechanisms for enhanced security across critical infrastructure.
  • Access Reviews: Systematic privilege audits occur annually for standard users and quarterly for elevated access permissions, ensuring appropriate authorization alignment.
  • Environment Segregation: Development, testing, and production systems maintain strict isolation. Production access requires explicit authorization protocols.

How does Tallyfy enforce Enterprise Single Sign-On?

Organizations demanding heightened authentication security can configure Tallyfy® for mandatory “SSO-only” access.

This enforcement mode ensures:

  • Complete authentication routing through designated Single Sign-On providers without alternative access methods.
  • Comprehensive disabling of traditional email-password authentication across organizational accounts.
  • Centralized user provisioning exclusively through SSO identity providers, eliminating direct email invitation capabilities.

This configuration ensures complete adherence to corporate identity governance policies while streamlining administrative oversight.

Organizations can enable mandatory SSO through Tallyfy® support channels.

What data security protocols does Tallyfy use?

  • Transport Layer Encryption: Data transmission utilizes robust encryption protocols (TLS 1.2 or higher) ensuring secure communication channels between client systems and Tallyfy® infrastructure.
  • Data-at-Rest Protection: Information stored within AWS-hosted infrastructure receives comprehensive encryption protection using enterprise-grade security algorithms.
  • Tenant Isolation: Organizational data maintains logical separation through unique identifier-based segregation mechanisms.

How does Tallyfy manage operational security?

  • Vulnerability Assessment: Regular security scanning and annual penetration testing by external specialists identify and address potential system weaknesses.
  • Change Control Procedures: Infrastructure modifications undergo systematic development, testing, review, and approval protocols before implementation.
  • Continuous Monitoring: Real-time system surveillance through AWS CloudWatch and GuardDuty detects performance anomalies, availability issues, and suspicious activities with immediate alerting capabilities.
  • Incident Response Framework: Documented security incident procedures undergo regular testing and refinement to ensure rapid response capabilities.

How does Tallyfy manage third-party risks?

  • Vendor Security Assessment: Third-party relationships undergo comprehensive security evaluations before engagement, with periodic reassessment protocols.
  • Supply Chain Oversight: Critical infrastructure partners, including AWS, undergo regular compliance review through SOC 2 assessments and security documentation evaluation. According to industry research, SOC 2 adoption increased 40% in 2024, reflecting growing enterprise security requirements.

Miscellaneous > Terms & legals

Tallyfy maintains SOC 2 Type 2 attestation, GDPR compliance, HSTS security, BIMI email standards, custom data processing agreements, comprehensive encryption, multi-layer API protection, AWS GovCloud hosting options, and various enterprise-grade security measures to meet regulatory obligations and enterprise requirements.

Integrations > Authentication and SSO

Tallyfy offers complimentary Single Sign-On integration for paid plan customers, enabling seamless authentication through enterprise identity providers like Microsoft Azure AD, Google Workspace, Okta, and OneLogin, with enhanced security, centralized access control, and automated account provisioning, while supporting SSO-only enforcement for maximum compliance.

Miscellaneous > About Tallyfy

Tallyfy earns customer trust through nearly a decade of continuous service since 2015, operating as an independent, profitable company without venture capital backing, maintaining enterprise-grade SOC 2 Type 2 security compliance, and focusing on sustainable long-term customer value rather than investor returns or market hype.

Terms Legals > Tallyfy's privacy policy

Tallyfy’s privacy policy and security documentation can be accessed through dedicated web pages that outline data collection practices, protection measures, and compliance standards.