Access to Talkative systems is governed by our Access Control Policy, built on the principle of least privilege: access is granted on a need-to-know basis, and privileged access rights are restricted and managed.
Multi-factor authentication
MFA is enforced across our core systems, including our cloud infrastructure (root accounts included), identity and workspace accounts, version control, and key business systems.
Granting & reviewing access
- Access is requested and approved through a tracked process, with a record of access requests and their history.
- System accounts are associated with named individuals, and administrative account activity is attributable to the individual (non-repudiation).
- Access is reviewed regularly across our infrastructure and business systems, with documented access reviews.
- When personnel leave, their accounts are deprovisioned across our systems as part of offboarding.
Authentication standards
- An enforced password policy applies to infrastructure access.
- Applications enforce session timeouts, so idle sessions are not left open indefinitely.
- The cloud root account is not used for day-to-day operations.
Request the Access Control Policy under NDA