Our Commitment
Teleon is a cybersecurity company. We hold ourselves to a higher standard than most — not just because our clients depend on it, but because security is foundational to everything we do. This page describes how we protect our own systems, infrastructure, and the client data entrusted to us.
Found a vulnerability? Please report it responsibly to [email protected]. We review all reports promptly and commit to keeping researchers informed of our progress.
Internal Security Controls
Teleon maintains a comprehensive internal security program aligned with the NIST Cybersecurity Framework (CSF). Our program encompasses the five core functions — Identify, Protect, Detect, Respond, and Recover — and is reviewed and updated on a continuous basis.
Key elements of our internal program include:
- Documented security policies and procedures reviewed annually
- Regular risk assessments to identify and prioritize threats
- Security awareness training for all employees upon hire and annually thereafter
- Tabletop exercises and incident response drills conducted quarterly
- Continuous monitoring of our own environment using the same tools we deploy for clients
Access Control
Access to Teleon systems and client environments is tightly controlled through the principle of least privilege. Every access decision is intentional and auditable.
- Multi-factor authentication (MFA) is mandatory for all employees on every system, including email, internal tools, and remote access
- Role-based access control (RBAC) ensures employees only have access to what is necessary for their role
- Just-in-time (JIT) access is used for privileged and administrative access to client environments
- Access reviews are conducted quarterly; access is revoked immediately upon employee separation
- Privileged access workstations (PAWs) are used for all administrative tasks
- Single Sign-On (SSO) is enforced across all internal SaaS platforms
Data Protection
Teleon applies layered controls to protect data at rest and in transit.
Encryption
- All data in transit is encrypted using TLS 1.2 or higher
- Data at rest is encrypted using AES-256 or equivalent
- Encryption keys are managed using dedicated key management systems with regular rotation policies
Data Classification
Teleon classifies all data by sensitivity level — Public, Internal, Confidential, and Restricted — and applies handling controls appropriate to each level. Client data is always treated as Restricted by default.
Backup & Recovery
- Critical systems and client data are backed up daily with encrypted, geographically redundant storage
- Backup integrity is verified through regular restoration tests
- Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) are defined and tested for all critical systems
Network & Infrastructure Security
Our infrastructure is built with security-first architecture principles:
- Network segmentation separates client environments, internal systems, and management planes
- Next-generation firewalls with application-layer inspection are deployed at all perimeter points
- Intrusion detection and prevention systems (IDS/IPS) monitor all traffic in real time
- DNS filtering and web proxy services block known malicious destinations
- Vulnerability scanning is performed weekly; critical findings are remediated within 72 hours
- Penetration testing is conducted annually by an independent third party
- All remote access is via VPN with MFA; direct RDP and SSH exposure to the internet is prohibited
Incident Response
Teleon maintains a documented Incident Response Plan (IRP) based on the NIST SP 800-61 framework. Our process covers Preparation, Detection & Analysis, Containment, Eradication & Recovery, and Post-Incident Review.
Client Notification
In the event of a security incident affecting client data or environments, Teleon will:
- Notify affected clients within 24 hours of confirmed incident identification
- Provide a preliminary incident report within 72 hours
- Deliver a full post-incident report, including root cause and corrective actions, within 14 days
- Cooperate fully with any required regulatory notification obligations
Vendor Risk Management
Teleon carefully vets all third-party vendors and service providers before granting access to any systems or data. Our vendor management process includes:
- Security questionnaires and review of SOC 2 reports or equivalent attestations
- Contractual data processing agreements (DPAs) with all vendors who process personal or client data
- Annual vendor risk reviews
- Immediate access revocation upon vendor contract termination
Personnel Security
Our people are a critical layer of our security posture:
- All employees undergo background checks prior to hire
- Security awareness training is mandatory at onboarding and annually thereafter
- Employees complete role-specific security training relevant to their access and responsibilities
- All staff sign confidentiality and acceptable use agreements
- Security performance is incorporated into employee reviews
Client Security Responsibilities
While Teleon takes responsibility for the security controls within our scope of services, a strong security posture is a shared responsibility. Clients are expected to:
- Provide accurate and complete information about their environment during onboarding
- Promptly report any suspected security incidents or anomalies to Teleon
- Maintain responsibility for security controls outside Teleon's contracted scope
- Ensure that authorized personnel complete required security awareness training
- Review and acknowledge Teleon security reports and recommendations in a timely manner
Clients with specific compliance requirements (e.g., HIPAA, NIST) should review their applicable service agreement and shared responsibility matrix with their Teleon account manager.
Vulnerability Disclosure Policy
Teleon welcomes responsible disclosure of security vulnerabilities affecting our systems or website. We ask that researchers:
- Report findings privately to [email protected] before any public disclosure
- Provide sufficient detail to reproduce and assess the issue (steps to reproduce, screenshots, proof-of-concept)
- Avoid accessing, modifying, or deleting any data beyond what is necessary to demonstrate the vulnerability
- Allow reasonable time for us to investigate and remediate before public disclosure (we target 30 days for critical findings)
In return, Teleon commits to:
- Acknowledge receipt of your report within 2 business days
- Provide regular updates on our investigation and remediation progress
- Not pursue legal action against researchers acting in good faith under this policy
- Publicly credit researchers (with their consent) upon resolution
Out of scope: Social engineering attacks targeting Teleon employees, physical security testing, denial-of-service attacks, and testing of client systems without explicit written authorization from both the client and Teleon.
For security-related inquiries, vulnerability reports, or incident notifications, contact us directly:
For non-urgent security questions or to discuss our security program as part of a vendor evaluation, reach out via our contact form and select "Security" as the subject.