Trust Center


Talend's Security Program

Talend maintains an Information Security Program to ensure the confidentiality, integrity, and availability of all computer and data communication systems while meeting the necessary legislative, industry, and contractual requirements.

Talend policies, procedures, and standards are based on the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27001. In addition, we use an independent third-party body to audit our compliance with leading industry standards periodically.

Frameworks and Certifications

AWS Qualified Software
CSA STAR
Cyber Essentials
Cyber Essentials Plus
GDPR
HIPAA
ISO 27001
ISO 27701
SOC 1
SOC 2
SOC 3

Talend is reviewed and trusted by

AB InBev
AstraZeneca
Covanta
Domino's Pizza
GE Healthcare
GSK
Orange S.A.
Siemens
SNCF
TD Bank
Toyota
Western Union

Documents

Security Whitepaper
Cyber Essentials Plus
HIPAA
ISO 27001
ISO 27701
SOC 1
SOC 2
CAIQ
CyberGRX Risk Assessment
FSQS-NL
Pentest Report
Cyber Essentials
SOC 3
Product Architecture
Cyber Insurance
BC/DR
Acceptable Use Policy
Access Control Policy
Asset Management Policy
Business Continuity Policy
BYOD Policy
Clean Desk & Screen Policy
Data Classification Policy
Electronic Media Disposal Policy
Encryption Policy
General Incident Response Policy
Internal and External Communication Policy
IT Change Management Policy
Network Security Policy
Other Policies
Password Policy
Physical Security
Risk Management Policy
Software Development Lifecycle
Talend Disaster Recovery Plan
Vulnerability Management Policy

Risk Profile

Recovery Time Objective
Recovery Point Objective
Hosting

Product Security

Audit Logging
Data Security
Multi-Factor Authentication

Reports

Pentest Report
Security Whitepaper
Vulnerability Assessment Report

Self-Assessments

CAIQ

Data Security

Access Monitoring
Backups Enabled
Data Erasure

App Security

Responsible Disclosure
Code Analysis
Credential Management

Data Privacy

Cookies
Data Breach Notifications
Data Into System

Access Control

Data Access
Logging
Password Security

Infrastructure

Amazon Web Services
Anti-DDoS
Azure

Endpoint Security

Disk Encryption
Endpoint Detection & Response
Threat Detection

Network Security

Firewall
IDS/IPS
Security Information and Event Management

Corporate Security

Email Protection
Employee Training
HR Security

Policies

Acceptable Use Policy
Access Control Policy
Asset Management Policy

Security Grades

ImmuniWeb (https://www.talend.com/): A
Qualys SSL Labs (talend.com): A

Trust Center Updates

Product Security announcement - Apache Struts CVE-2023-50164

Vulnerabilities

The security team is fully informed about the vulnerability CVE-2023-50164 affecting Apache Struts and has verified that Talend products are not affected.

On rare occasions, security scanners may trigger alerts on Talend ESB 7.3 because of legacy components that are no longer in use but still persist in the customer's filesystem. While Talend ESB 7.3 is not directly exposed to this vulnerability, a patch will be provided to further remove any dependencies on the Struts component.

Published at N/A

Product Security announcement - ActiveMQ CVE-2023-46604

Vulnerabilities

Talend has been working diligently to address the ActiveMQ CVE-2023-46604 vulnerability throughout our product portfolio.

The Talend Product Security team recommends that customers assess their exposure and apply the mitigation steps by updating the affected customer-managed components to the latest patch version.

Highly recommended, if an ActiveMQ broker is used:

  • Talend ESB: patch 8.0.1-R2023-11, 7.3.1-R2023-12

Recommended, as the following patches provide the latest ActiveMQ client updates:

  • Talend Studio: patch 8.0.1-R2023-11, 7.3.1-R2023-12
  • Talend Remote Engine: 2.13.1
  • Talend MDM: 8.0.1-R2023-11, 7.3.1-R2023-11

Talend has already implemented remediation and/or mitigations for the following cloud offering:

  • Talend Cloud

Published at N/A*

Product Security announcement - HTTP/2 Rapid Reset vulnerability CVE-2023-44487

Vulnerabilities

Talend has been working diligently to address the HTTP/2 Rapid Reset vulnerability throughout our product portfolio.

The Talend Product Security team recommends that customers assess their exposure and apply the mitigation steps by updating the affected customer-managed components to the latest patch version.

Talend has already implemented remediation and/or mitigations for the following cloud offerings:

  • Talend Cloud
  • Stitch

If additional details or assistance are needed, please contact our Support team at https://login.talend.com/support-login.php

Published at N/A

Talend is aware of and monitoring the HTTP/2 Rapid Reset vulnerability referenced as CVE-2023-44487.

Talend is scoping the remediation efforts throughout its Product portfolio and is in the process of developing fixes and remediations to address the vulnerability.

Published at N/A

Product Security announcement - CVE-2023-36301 affecting Talend Data Catalog

Vulnerabilities

Talend's security team has released a new advisory for Talend Data Catalog. Talend recommends that customers assess their exposure and apply the mitigation steps by updating the affected components to the latest patch version.

Published at N/A

Talend response to MOVEit vulnerability (CVE-2023-34362, CVE-2023-35708)

Vulnerabilities

The security team at Talend is fully informed about the vulnerabilities (CVE-2023-34362, CVE-2023-35708) in MOVEit software and has verified that Talend products and systems are not affected.

For reference:

Published at N/A*

Product Security announcement - CVE-2023-33247 affecting Talend Data Catalog

Vulnerabilities

Talend's security team has released a new advisory for Talend Data Catalog's remote harvesting server. Talend recommends that customers assess their exposure and apply the mitigation steps by updating the affected components to the latest patch version.

Published at N/A*

Product Security announcement - CVE-2023-31444 affecting Talend Studio Microservices

Incidents

The Talend security team has released a new advisory on Talend Studio Microservices deployments. Talend recommends that customers assess their exposure and apply the mitigation steps by updating the affected components to the latest patch version.

https://www.talend.com/security/incident-response/#CVE-2023-31444

Published at N/A

SOC2, ISO 27001 and HIPAA Compliance updates from Talend

Compliance

Talend's security team is pleased to announce the release of the latest certificates, compliance and audit reports for SOC1, SOC2, HIPAA, ISO 27001, ISO 27701 and Cloud Security Alliance (CSA) Security, Trust & Assurance Registry (STAR). These certifications and reports demonstrate our commitment to ensuring the highest levels of security and compliance for our customers.

Our SOC1 and SOC2 reports provide independent verification of the effectiveness of our internal controls and processes related to financial reporting, system security, availability, processing integrity, and confidentiality. Our HIPAA compliance demonstrates our commitment to protecting sensitive patient information, while our ISO 27001 and ISO 27701 certifications demonstrate our commitment to information security and privacy management.

Thank you for choosing Talend as your trusted partner.

Talend Security Team

Published at N/A

Product Security announcement - CVE-2023-26263 and CVE-2023-26264 affecting Talend Data Catalog

Incidents

Additional details and instructions have been posted on those two advisories. Please refer to https://www.talend.com/security/incident-response/#CVE-2023-26264

Published at N/A*

The Talend security team has released two advisories affecting Talend Data Catalog 8.0 and prior versions. While the severities are still being determined, Talend recommends that customers assess their exposure and apply the mitigation steps by updating the affected components to the latest patch version.

https://www.talend.com/security/incident-response/#CVE-2023-26264

Published at N/A*

Product Security announcement - CVE-2022-45588 and CVE-2022-45589 affecting Talend components

Incidents

Additional details and instructions have been posted on those two advisories. Please refer to https://www.talend.com/security/incident-response/#CVE-2022-45588

Published at N/A

The Talend security team has released two advisories affecting Talend Remote Engine Gen2 and Talend ESB Runtime components. While the severities are still being determined, Talend recommends that customers assess their exposure and apply the mitigation steps by updating the affected components to the latest patch version.

https://www.talend.com/security/incident-response/#CVE-2022-45588

Published at N/A

Talend response on OpenSSL High Severity vulnerability (CVE-2023-0286)

Incidents

Update: Feb. 21, 2023

Talend has been working diligently to address the situation throughout our product portfolio and is in the process of developing the code fix for the impacted products.

Statement

To trigger the high-severity vulnerability (CVE-2023-0286), the software must meet two rare conditions: (1) it uses third-party-controlled CRLs (encoded as an uncommon X.400 address format) and certificates, and (2) it downloads and verifies them in real time (again, very uncommon).

Although we are not aware of any such behaviors in our software, we advise our customers to update the affected components to the latest patch version once available.

Impacted products:

  • Talend Change Data Capture (CDC) - all versions up to 7.16

Non-impacted products:

  • Rest of Talend software

If you need additional details or assistance, please contact Talend Support through the Talend Support portal (https://login.talend.com/support-login.php) or by sending an email to customercare@talend.com.

Published at N/A*

Talend is aware of and monitoring the OpenSSL security advisory published on 7th February 2023.

Talend teams are scoping the remediation efforts throughout the product portfolio and are in the process of developing fixes and remediations to address the vulnerability.

This post will be updated further with the latest available information.

Published at N/A*

Okta Code Repositories breach

Incidents

The Talend security team is aware of the recent Okta code repository breach disclosure. Per Okta's statement, Talend systems have not been impacted, and the Talend security team continues to monitor the situation.

Okta statement: "There is no impact to any customers, including any HIPAA, FedRAMP or DoD customers. No action is required by customers."

Published at N/A

CVE-2022-3602 and CVE-2022-3786 Vulnerabilities in OpenSSL 3.0.x

Incidents

Talend is aware of and monitoring the pre-announced OpenSSL 3.x security vulnerabilities (CVE-2022-3602 and CVE-2022-3786).

Talend is scoping the remediation efforts throughout its Product portfolio and is in the process of developing fixes and remediations to address the vulnerability.

Update: November 1, 2022

To the best of our knowledge and the information currently available, Talend products are not impacted by the CVE-2022-3602 and CVE-2022-3786 security vulnerabilities present in OpenSSL 3.0.x.

While not directly exposed to a vulnerable version of OpenSSL, we have proactively implemented preventative mitigations and continuous monitoring in Talend Cloud as an added precaution.

Published at N/A