Compliance
Tallyfy is committed to maintaining a robust security and compliance posture to protect customer data and ensure the reliability of our platform. This section provides an overview of our compliance certifications and key security practices.
Tallyfy has successfully completed a Service Organization Control (SOC) 2 Type 2 examination for its workflow automation platform.
- Report Period: The examination covered the period from May 21, 2024, to August 21, 2024.
- Trust Services Criterion: The audit focused on the Security criterion established by the American Institute of Certified Public Accountants (AICPA).
- Auditor: The independent examination was conducted by Prescient Assurance LLC.
- Current Status: Our SOC 2 Type 2 status is maintained through continuous monitoring and annual audits. The next audit window concludes on August 21, 2025.
The SOC 2 Type 2 report provides detailed information about Tallyfy’s security controls and their operating effectiveness.
We implement a comprehensive set of security controls aligned with industry best practices to safeguard our systems and your data. Key areas include:
- Principle of Least Privilege: Access is granted based on roles and responsibilities, ensuring users only have the permissions necessary for their job functions.
- Authentication: Unique user credentials and Multi-Factor Authentication (MFA) are enforced for access to sensitive systems.
- Regular Access Reviews: User access rights, particularly for privileged accounts, are reviewed periodically (annually for users, quarterly for privileged access) and adjusted as needed.
- Separation of Duties: Development, testing, and production environments are segregated, and access controls prevent developers from accessing production infrastructure without approval.
- Encryption in Transit: All data transmitted over public networks, including between users and the Tallyfy platform, is encrypted using TLS 1.2 or higher.
- Encryption at Rest: Customer data stored within our AWS infrastructure (e.g., databases, file storage) is encrypted using industry-standard algorithms.
- Data Segregation: Customer data is logically separated using unique organization identifiers.
- Vulnerability Management: We conduct regular vulnerability scans and annual third-party penetration tests to identify and remediate potential security weaknesses.
- Change Management: A formal change management process ensures that changes to the platform and infrastructure are developed, tested, reviewed, and approved before deployment.
- Monitoring: Systems are continuously monitored for performance, availability, and security threats using tools like AWS CloudWatch and GuardDuty. Intrusion detection systems are in place to identify and alert on suspicious activity.
- Incident Response: We maintain a documented Incident Response Plan and conduct regular training and testing to ensure readiness for security incidents.
- Due Diligence: Third-party vendors undergo a security review process before engagement and periodically thereafter.
- Subservice Organization Monitoring: We review the compliance reports (e.g., SOC 2) of critical subservice providers like AWS.
Tallyfy maintains robust security measures and compliance standards, including SOC 2 Type 2 attestation, encryption protocols, secure hosting, and comprehensive data protection, while offering customizable enterprise solutions and free SSO for all users.
- 2025 Tallyfy, Inc.