Security Portal

Get access to this Security Portal
  • Review sensitive security details
  • Unlock documents
  • Submit security questionnaires
  • Ask for more information
Had access before? Reclaim access

Overview

Tesorio has implemented best-in-class security practices to keep customer data safe

More than just collections management and accounts receivable automation, Tesorio is the world’s first and only cash flow performance platform. Tesorio empowers CFOs and finance teams to boost profits by using artificial intelligence to better manage, predict, and collect cash.

Compliance

CCPA Logo
CCPA
GDPR Logo
GDPR
PCI DSS Logo
PCI DSS
SOC 1 Logo
SOC 1
SOC 2 Logo
SOC 2
Get access to this Security Portal
  • Review sensitive security details
  • Unlock documents
  • Submit security questionnaires
  • Ask for more information
Had access before? Reclaim access

Tesorio is reviewed and trusted by

BoxBox
SlackSlack
TwilioTwilio
Veeva SystemsVeeva Systems
CouchbaseCouchbase
HighspotHighspot
SmartsheetSmartsheet
DomoDomo

Documents

21 Documents
Pentest Report
SOC 1 Report
SOC 2 Report
PCI DSS
SOC 1
SOC 2
CAIQ
SIG Lite
Acceptable Use Policy
Access Control Policy
Asset Management Policy
Business Continuity Policy
Data Classification Policy
Data Security Policy
General Incident Response Policy
Information Security Policy
Other Policies
Password Policy
Risk Management Policy
Software Development Lifecycle
Vulnerability Management Policy

Risk Profile

Data Access LevelRestricted
Impact LevelSubstantial
Recovery Time Objective< 24 Hours
See more

Product Security

Role-Based Access Control
Audit Logging
Data Security
See more

Reports

Pentest Report
SOC 1 Report
SOC 2 Report
See more

Self-Assessments

CAIQ
SIG Lite

Data Security

Access Monitoring
Backups Enabled
Data Erasure
See more

App Security

Responsible Disclosure
Code Analysis
Software Development Lifecycle
See more

Access Control

Data Access
Logging
Password Security

Infrastructure

Anti-DDoS
Amazon Web Services
Heroku
See more

Endpoint Security

Endpoint Detection & Response

Network Security

Firewall
IDS/IPS
Spoofing Protection
See more

Corporate Security

Asset Management Practices
Email Protection
Employee Training
See more

Policies

Acceptable Use Policy
Access Control Policy
Asset Management Policy
See more

Trust Center Updates

Tesorio Update on 2022 OpenSSL 3 Vulnerabilities

Tesorio has become aware of the recently announced OpenSSL vulnerabilities CVE-2022-3786 and CVE-2022-3602. After a review, we have concluded that there is no impact to Tesorio or its customers at this time. Our cloud infrastructure partner provided a patch to our systems on November 1, 2022.

Tesorio will continue to monitor the situation closely and will provide updates where we have them available to us.

Sincerely, Fabio Fleitas Chief Technology Officer

Published at 11/07/2022, 8:45 PM

Tesorio Update on Heroku/GitHub

Last Friday, Tesorio became aware of an incident that occurred with Heroku & GitHub. Tesorio conducted an internal investigation with the recommendations from Heroku & GitHub and have determined that we were not impacted by this issue.

Tesorio will continue to monitor the situation closely and will provide updates where we have them available to us.

Tesorio values the security of its services extremely highly and to this end we maintain appropriate industry accepted third party accreditation of our security controls and program.

Sincerely,

Fabio Fleitas

Chief Technology Officer

Published at 04/19/2022, 4:42 PM

Tesorio Update on SpringShell

Tesorio became aware of a recently disclosed CVE-2022-22965 - "SpringShell" RCE vulnerability in spring-beans before 5.2.20/5.3.18, Tesorio can confirm we have conducted an internal investigation and can confirm that we have no evidence that Tesorio customers or internal employees have been targeted or impacted by this vulnerability.

Tesorio will continue to monitor the situation closely and will provide updates where we have them available to us.

Tesorio values the security of its services extremely highly and to this end we maintain appropriate industry accepted third party accreditation of our security controls and program.

Sincerely, Fabio Fleitas Chief Technology Officer

Published at 04/07/2022, 2:32 PM

Tesorio Update on Okta

Tesorio has been aware of Okta's breach. At this time, Tesorio does not leverage Okta for its internal SSO authentication and therefore Tesorio has not been impacted by this. We will continue to monitor the situation. For any customers that leverage Okta for their own SSO authentication, please review Okta's messages for more information on any actions they recommend.

Sincerely, Fabio Fleitas Chief Technology Officer

Published at 04/07/2022, 2:28 PM

If you think you may have discovered a vulnerability, please send us a note.