Security Organization and Program. Telnyx maintains a risk-based assessment security program. The framework for Telnyx’s security program includes administrative, organizational, technical, and physical safeguards reasonably designed to protect the Services and confidentiality, integrity, and availability of Customer Data. Telnyx’s security program is intended to be appropriate to the nature of the Services and the size and complexity of Telnyx’s business operations. Telnyx has a separate and dedicated Information Security team that manages Telnyx’s security program. This team facilitates and supports independent audits and assessments performed by third parties. Telnyx’s “Information Security Management System”, incorporating industry frameworks and compliances such as ISO 27001, SOC, NIST, CIS and others, will include programs covering: Policies and Procedures, Asset Management, Access Management, Cryptography, Physical Security, Operations Security, Communications Security, Business Continuity Security, People Security, Product Security, Cloud and Network Infrastructure Security, Security Compliance, Third-Party Security, Vulnerability Management, and Security Monitoring and Incident Response. Security is managed at the highest levels of the company, with Telnyx’s Chief Executive Officer and Security Officer, where applicable, meeting with executive management regularly to discuss issues and coordinate company-wide security initiatives. Information security policies and standards are reviewed and approved by management at least annually and are made available to all Telnyx employees for their reference.
Confidentiality. Telnyx has controls in place to maintain the confidentiality of Customer Data in accordance with the Agreement. All Telnyx employees and contract personnel are bound by Telnyx’s internal policies regarding maintaining the confidentiality of Customer Data and are contractually obligated to comply with these obligations.
