Security & Compliance
Empower Makers across your organization with the governance to instill confidence that your sensitive data and critical systems are being protected.
Data encrypted in-transit and at rest
All connections with Tonkean are encrypted using industry standard HTTPS/TLS protocols with all data fully encrypted following AES-256 standards while at rest or in-transit.
Item-level data retention policies
Define specific data retention lengths down to the field level to ensure sensitive data is only available as long as needed for each process.
Granular access controls at all levels
Tonkean is architected and engineered with in-built security. Comprehensive role-based access control (RBAC) ensures that every permission from data access through process creation are properly secured and controlled.
Full audit log of transactions
Tonkean maintains non-repudiation logs capturing full records of all edits to Solutions and Enterprise Components in development and all processed transactions within test and production environments.
Secure & Flexible Deployment Options
Tonkean can be deployed on the any of the three major cloud providers including AWS, Microsoft Azure (Private Cloud only), and GCP (Private Cloud only). All deployments have a hardened operating systems installation, firewall protection, and regular system patching process.
Tonkean’s public servers are stored on AWS in a multi-tenant environment. The public cloud environment will be managed by Tonkean.
A single-tenant cloud environment not shared with other customers. The dedicated instance will be managed by Tonkean and is hosted on AWS.
Have Tonkean installed on your organization’s private cloud environment. This cloud environment will be privately managed by your internal IT team. For private cloud, Tonkean can be hosted on AWS, Azure, and GCP.
SOC 2 Type 2
Tonkean is SOC 2 Type 2 compliant and independently audited for our commitment to meeting the most rigorous security, availability, and confidentiality standards in the industry in accordance with the AICPA Trust Services Principles and Criteria.