- CSA STAR - Level 1
- CSA STAR CAIQ
8 more topics
- Product Security
- Data Security
- Data Encrypted In-Transit
Twilio supports TLS 1.0, 1.1 and 1.2 to encrypt network traffic between the customer application and Twilio.
- Data Retention Policy
Twilio will store your Customer Account Data as long as needed to provide you with our services and to operate our business. If you ask Twilio to delete specific personal information from your Customer Account Data (see ‘How To Make Choices About Your Customer Account Data’ below), we will honor this request unless deleting that information prevents us from carrying out necessary business functions, like billing for our services, calculating taxes, or conducting required audits.
- Incident Management & Response
- Incident Response Plan (IRP)
Twilio maintains an incident response program in accordance to NIST SP 800-61. The program defines conditions under which security incidents are classified and triaged. Twilio Security Incident Response Team, or T-SIRT, assesses the threat of all relevant vulnerabilities or security incidents and establishes remediation and mitigation actions for all events.
- Availability & Reliability
- Infrastructure Redundancy
The Twilio platform was designed and built on a high-availability infrastructure that ensures redundancy.
- Organizational Security
- Employee Background Checks
All candidates in the USA must pass stringent background checks by a specialized thirdparty before being offered a position. For domestic candidates, these checks include: SSN trace, criminal county search (7-Year address history), multi-state instant criminal, National Sex Offenders Public Registry, OFAC, professional references, and education verification. For international new hires, the background check includes (where legal): international criminal search and education verification.
- Employee Security Training
All new Twilio employees attend a “Security 101” training during the onboarding process. In addition, all Twilio employees must take the Twilio Security and Privacy training once a year, which covers the Information Security Policies, security best practices, and privacy principles.
CONTINUOUS EDUCATION CAMPAIGN
The Twilio Security Team provides continuous communication on emerging threats, performs phishing awareness campaigns, and communicates with the company regularly.
1 more topic
- Business Continuity
- Disaster Recovery Plan
Twilio maintains formal Business Continuity and Disaster Recovery plans that are regularly reviewed and updated.
- Data Backups
Twilio performs regular backups of Twilio account information, call records, call recordings and other critical data using Amazon S3 cloud storage. All backups are encrypted in transit and at rest using strong encryption. Backup files are stored redundantly across multiple availability zones and are encrypted.
- Threat Management
Sign up to view Twilio's Subprocessors
Sign up to see the rest of Twilio's posture and unlock unlimited access.
Unlimited access to the directory allows you to review and compare thousands of security postures sourced from around the web.