Risk assessment policy

Tailscale reviews risks on a regular basis, to ensure proper mitigations are in place.


This policy covers any risk that could affect confidentiality, availability, and integrity of Tailscale’s key information assets and systems.

Risk assessments can be conducted on any information system, to include applications, servers, and networks, and any process or procedure by which these systems are administered and/or maintained.

Risk assessment

The Security Review Team is responsible for completing periodic information security risk assessments for the purpose of determining areas of vulnerability, and to identify and initiate appropriate remediations.

A risk register should include:

  • Identification of the risk
  • What mitigations have been put in place
  • Acceptance of the residual risk

The execution, development and implementation of remediation programs is the joint responsibility of the Security Review Team. Employees are expected to cooperate fully with any risk assessment being conducted on systems for which they are held accountable. Employees are further expected to work with the Security Review Team in the development and implementation of a remediation plan.


Risks should be evaluated on an annual basis.