Information Security Policy

Last updated: June 2026

Telali Limited (\"we\", \"us\", or \"our\") prioritizes information security across all our consultancy activities. We align our security management system with the ISO/IEC 27001:2022 standard.

1. Access Control (A.9)

We enforce strict access controls on all systems and developer assets:

• Multi-Factor Authentication (MFA) is mandatory on all accounts.
• We employ the Principle of Least Privilege (PoLP) when accessing client systems.
• All access logs are collected and audited.

2. Cryptography (A.10)

Data protection in transit and at rest is guaranteed:

• All database connections are encrypted at rest using AES-256.
• Web connections enforce HTTPS with TLS 1.3.
• API keys and deployment secrets are stored in secure vaults, never in plaintext code repositories.

3. Vulnerability Management

Our continuous delivery pipelines include automated security scans:

• Static Application Security Testing (SAST) checks for code quality and vulnerability patterns.
• Software Composition Analysis (SCA) audits dependencies for known vulnerabilities.