Cyber Security at Toucan

The team at Toucan is committed to creating high-quality security for our customers, our product, and our employees. We maintain a comprehensive set of certifications to ensure that data is safe, at every level. We selected the industry-leading framework, the National Institute of Standards and Technology (NIST) to ensure the best security program throughout our software platform.

The National Institute of Standards and Technology (NIST)

 

The National Institute of Standards and Technology (NIST) promotes and maintains measurement standards and guidance to help organizations assess risk. The main priorities of NIST were to establish a set of standards and practices to help organizations manage cybersecurity risk, while enabling business efficiency. 
  • NIST Cybersecurity Framework is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity-related risks.
  • NIST Cybersecurity Framework is divided into five main parts called Functions. Find out below how Toucan applies these Functions in its product.
NIST-CybersecurityFrameworkMain-20

NIST Cyber Security Framework

At Toucan, all data provided by our customers is viewed as confidential information. We work with companies of all sizes from different industries around the globe and are committed to protecting and defending our customers on all security needs.
Implementing the industry-leading NIST practices, we follow a cyber security framework allowing us to meet security needs and present quality insurance around all our data security controls. Read more to better understand our security and privacy management practices, as broken down within the 5 functions of the NIST framework.

Identify

We manage cybersecurity risk by inventorying our:

 

- Assets

- Business environment

- Governance

- Supply chain

Detect

We identify cybersecurity events by:

- Detecting anomalies and events


- Applying a
continuous monitoring


- Applying
cybersecurity detection processes

Respond

We take action regarding a detected cybersecurity incident with:

- Response planning  communications 

- Analysis  after every event 

- Mitigation to cybersecurity events

 

Recover

We maintain plans for resilience to:

 

- Restore any capabilities to services

- Improve  continuously