The Data Importer utilizes Cloud Hosting Providers including AWS and Google Cloud. Our Cloud Hosting Providers maintain the underlying Infrastructure, Redundancy and Power as part of the Share Service Model. More information about the physical security and the different controls of our Cloud Hosting Providers can be found at their websites: https://aws.amazon.com/compliance/data-center/controls/, https://cloud.google.com/security/.
Server Operating Systems. Data is stored using proprietary algorithms to augment data security and redundancy. The Data Importer employs a code review process to increase the security of the code used to provide the Services and enhance the security products in production environments.
Business Continuity. The Data Importer’s subprocessor replicates data over multiple systems and regions to help to protect against accidental destruction or loss. The Data Importer’s subprocessor has designed and regularly plans and tests its business continuity planning/disaster recovery programs.
Data Transmission. The Data Importer’s subprocessor transfers data via Internet standard protocols.
External Attack Surface. The Data Importer employs multiple layers of security to protect its external attack surface. The Data Importer’s subprocessor considers potential attack vectors and incorporates appropriate purpose-built technologies into external-facing systems.
Threat Detection. Threat detection is intended to provide insight into ongoing attack activities and provide adequate information to respond to incidents. The Data Importer’s subprocessor threat detection involves:
Tightly controlling the size and makeup of the Data Importer’s sub subprocessor's attack surface through preventative measures;
Employing intelligent detection controls at data entry points; and
Employing technologies that automatically remedy certain dangerous situations.
Incident Response. The Data Importer’s subprocessor monitors a variety of communication channels for security incidents, and the Data Importer’s sub subprocessor's security personnel will react promptly to known incidents.
Encryption Technologies. The Data Importer’s subprocessor makes HTTPS encryption (also referred to as SSL or TLS connection) available.
Onsite Data Center Security Operation. Data Center and Physical Security of those facilities are managed by our Cloud Hosting Providers. Please refer to the Cloud Hosting Providers’ websites: https://aws.amazon.com/compliance/data-center/controls/, https://cloud.google.com/security/ for more information.
Security Personnel. The Data Importer’s subprocessor has, and maintains, security policies for its personnel, and requires security training as part of the training package for its personnel. The Data Importer’s subprocessor's security personnel are responsible for the ongoing monitoring of the Data Importer’s subprocessor's security, the review of the Services, and responding to security incidents.
Access Control and Privilege Management. The Data Exporter’s administrators must authenticate themselves via a central authentication system or via a Single Sign-On system in order to administer the Services.
Internal Data Access Processes and Policies – Access Policy. The Data Importer’s subprocessor's internal data access processes and policies are designed to prevent unauthorized persons and/or systems from gaining access to systems used to process personal data. The Data Importer’s subprocessor designs its systems to:
The systems are designed to detect any inappropriate access. The Data Importer’s subprocessor employs a centralized access management system to control personnel access to production servers, and only provides access to a limited number of authorized personnel. Access and Authorization is designed to provide the Data Importer’s subprocessor with secure and flexible access mechanisms. These mechanisms are designed to grant only approved access rights to site hosts, logs, data and configuration information. The Data Importer’s subprocessor requires the use of unique user IDs, strong passwords, two-factor authentication and carefully monitored access lists to minimize the potential for unauthorized account use. The granting or modification of access rights is based on: the authorized personnel’s job responsibilities; job duty requirements necessary to perform authorized tasks; and a need-to-know basis. The granting or modification of access rights must also be in accordance with the Data Importer’s subprocessor’s internal data access policies and training. Approvals are managed by workflow tools that maintain audit records of all changes. Access to systems is logged to create an audit trail for accountability. Where passwords are employed for authentication (e.g., login to workstations), password policies that follow at least industry-standard practices are implemented. These standards include password expiry, restrictions on password reuse and sufficient password strength. For access to extremely sensitive information (e.g., credit card data), the Data Importer’s subprocessor uses hardware tokens.
The Data Importer’s subprocessor stores data in a multitenant environment on the Data Importer’s subprocessor Cloud Hosting Provider environments. The data and file system architecture are replicated between multiple geographically dispersed availability zones. The Data Importer also logically isolates the Data Exporter’s data, and the Data Exporter will be given control over specific data sharing policies. Those policies, in accordance with the functionality of the Services, will enable the Data Exporter to determine the product sharing settings applicable to end users for specific purposes. The Data Exporter may choose to make use of certain logging capability that the Data Importer may make available via the Services.
Certain disks containing data may experience performance issues, errors or hardware failure that lead them to be decommissioned (“Decommissioned Disk”). Every Decommissioned Disk is subject to a series of data destruction processes (the “Disk Erase Policy”) before leaving the Data Importer’s subprocessor's premises either for reuse or destruction. Data at rest is also encrypted using security encryption algorithms. Decommissioned Disks are erased in a multistep process and verified complete by at least two independent validators. The erase results are logged by the Decommissioned Disk’s serial number for tracking. Finally, the erased Decommissioned Disk is released to inventory for reuse and redeployment. If, due to hardware failure, the Decommissioned Disk cannot be erased, it is securely stored until it can be destroyed. Each facility is audited regularly to monitor compliance with the Disk Erase Policy.
The Data Importer personnel are required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards. The Data Importer conducts reasonably appropriate background checks to the extent legally permissible and in accordance with applicable local labor law and statutory regulations.
Personnel are required to execute a confidentiality agreement and must acknowledge receipt of, and compliance with, the Data Importer’s confidentiality and privacy policies. Personnel are provided with security training.
The Data Privacy Office of the Data Importer can be contacted by the Data Exporter’s administrators at: firstname.lastname@example.org (or via such other means as may be provided by the Data Importer).
TeamSupport maintains policies, procedures and standards designed to deliver secure software and to protect the privacy of our clients' information. The Company employs SSL/TLS encryption (AES 256) and other protective measures to secure all data. Additionally, these policies and procedures are reviewed annually, or as needed.
To help ensure the security and privacy of our clients' information, we devote significant resources to continually develop our infrastructure. Customers access TeamSupport only with a valid username and password combination, which is encrypted via TLS while in transmission.
TeamSupport enforces tight operating system-level security by password protecting all operating system accounts and production databases. We also enforce operating system-level security by using a minimal number of access points to all production servers.
For our customers, each TeamSupport account includes two-factor authentication, password management options, user lock-out and session expiration to ensure they have the tools to help maintain account security within their environment.
Encryption of data at rest and in transit is also a security measure we take to help ensure the privacy of our customers’ data.
The Data Importer utilizes Cloud Hosting Providers including AWS and Google Cloud. Our Cloud Hosting Providers maintain the Infrastructure, Redundancy and Power as part of the Share Service Model. More information about the physical security and the different controls of our Cloud Hosting Providers can be found at their websites: https://aws.amazon.com/compliance/data-center/controls/, https://cloud.google.com/security/.
In addition to our vulnerability management program, TeamSupport employs third-party security experts to perform a broad penetration test across the platform.
In case of an alert, we have systems in place to escalate to our 24/7 teams providing operations, network and security coverage. Our employees are trained on security incident response processes.
All customer data is backed up to geographically separate facilities on a continual basis. These backups are verified and encrypted.
TeamSupport maintains a Disaster Recovery plan for the platform, and encompasses principles of high-availability engineering.
TeamSupport has developed a thorough set of company policies covering a series of topics. These policies are shared with, and made available to, all employees and contractors with access to TeamSupport resources.
New employees attend security awareness and privacy training which is given upon hire and reviewed annually. In addition, employees are provided ongoing internal security awareness updates throughout the year because we understand this is an evolving subject matter. Topics cover a wide range, specifically smart password management, proper use and storage of devices, public awareness and customer privacy.
TeamSupport performs background checks on all new employees in accordance with local laws. The background check includes criminal, education, and employment verification.
All new hires are screened through the hiring process and required to sign Non-Disclosure and Confidentiality agreements.