Touchpoint Dashboard Position on Data Protection

We take confidentiality and security very seriously.  We understand the sensitive nature of your information.  Here is a summary of our position on this topic based on data from our subscription agreement, internal policy manual, and our third party hosting partners.

From our Subscription Agreement

4.2. Our Protection of Your Data. We shall maintain appropriate administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Your Data. We shall not (a) modify Your Data, (b) disclose Your Data except as compelled by law in accordance with Section 8.3 (Compelled Disclosure) or as expressly permitted in writing by You, or (c) access Your Data except to provide the Services and prevent or address service or technical problems, or at Your request in connection with customer support matters.

8.1. Definition of Confidential Information.  As used herein, “Confidential Information” means all confidential information disclosed by a party (“Disclosing Party”) to the other party (“Receiving Party”), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. Your Confidential Information shall include Your Data.

8.2. Protection of Confidential Information.  The Receiving Party shall use the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind (but in no event less than reasonable care) (i) not to use any Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement, and (ii) except as otherwise authorized by the Disclosing Party in writing, to limit access to Confidential Information of the Disclosing Party to those of its and its Affiliates’ employees, contractors and agents who need such access for purposes consistent with this Agreement and who have signed confidentiality agreements with the Receiving Party containing protections no less stringent than those herein.

What else we do at Touchpoint Dashboard

  • In addition to backups performed by our hosting provider, we also provide backups through automated scripts that store the data in a secure vault at Amazon S3.
  • We perform constant patching of software and monitoring of the backups to verify they are complete.
  • We store backup media in a secure manner and control access to it.
  • We provide rapid access to backup data.
  • We label backup media appropriately, to avoid errors or data exposure.
  • We perform regular patching of our code base to improve security and functionality.
  • Internal passwords are stored in a bugtracker/collaboration tool accessible only by the CEO, CTO, and necessary programming staff.
  • This bugtracker/collaboration tool is accessed over https only.
  • The dedicated production server’s password is known only by management, and connections are made via SSH2 using DSA keys instead of entering a password.
  • We use an SSL certificate on our production server to serve the login page over “https”.
  • We use Django’s CSRF tokens for AJAX communication.
  • We use a REST interface that only allows the needed operations for each endpoint and checks the user’s login status on every request.
  • We store all customer data within the US, including backups.
  • We will not access <customer> confidential data from outside of the United States.
  • We have a policy that prohibits sharing of individual accounts and passwords.
  • We have a policy that implements the following Information Security concepts: need to know, least privilege and checks and balances.
  • We have termination and job transfer procedures that immediately protect against unauthorized access to information.
  • We have implemented web application firewall protection.
  • We have implemented host firewall protection.
  • We have IDS/IPS technology implemented.
  • We use DMZ architecture for Internet systems.
  • Based on Django user authentication, each user needs to be logged in to access their own data.
  • We ensure that remote access is only possible over secure connections.
  • We use separate physical and logical development, test and production environments and databases.
  • We secure development and test environments using, at a minimum, equivalent security controls as the production environment.
  • We have implemented encryption for confidential information transmitted over external or Internet connections, with a strength of at least 256-bit AES, or using TLS 1.0 (preferably TLS 1.1).
  • We have password-protected screen savers that activate automatically to prevent unauthorized access when idle, on computers used by system support users.
  • We have changed or disabled all vendor-supplied default passwords or similar “published” access codes for all installed operating systems, database management systems, network devices, application packages, and any other commercially produced IT products.
  • We use passwords that are a minimum of 8 characters, expire at least annually, and have complexity requirements.
  • We ensure that passwords are never stored in clear text or in an easily decipherable form.
  • We check all systems and software to determine whether appropriate security settings are enabled.
  • We manage file and directory permissions following least privilege and need-to-know practices.
  • We authenticate all user access with a password, a token or biometric methods.
  • We do not use production data for both development and testing, unless it has been sanitized.
  • We limit access to development and test environments to personnel with a need to know.
  • We set the account lockout feature for successive failed logon attempts on all system support computers.
  • We ensure that access to confidential information, across a public connection, is encrypted with a secured connection and requires user authentication.
  • We have implemented protections for Common Vulnerabilities and Exposures (CVEs) in a timely manner to protect from exploits.
  • We ensure that application server and database software technologies are kept up-to-date with the latest security patches.
  • We immediately remove, or modify access, when personnel terminate, transfer, or change job functions.
  • We achieve individual accountability by assigning unique IDs and prohibiting password sharing.
  • We ensure that critical data and systems are accessible by at least two trusted and authorized individuals, to avoid a single point of failure.
  • We ensure that users have the authority to only read or modify those programs, or data, which are needed to perform their duties.
  • We perform vulnerability scanning at least quarterly.

How we handle storage of uploaded files

We have two levels of security for uploading and downloading files.  First, we check whether the user has sufficient rights to upload or download the file.  At this first level, the check is made against our database records, which must satisfy the following conditions before authorization is granted:

  1. The user is the one who created the map, or the map is shared with the logged-in user.
  2. If neither of the above conditions holds, the user is not allowed to read or write any files.
  3. If the map is shared with the user but without edit rights, the user can only download files and cannot upload any new ones.

Touchpoint Dashboard stores these files on the Amazon S3 storage cloud, which is very secure and designed to achieve 99.99% durability.  This provides the second level of security for Touchpoint Dashboard files.  All files attached to a touchpoint (under the files tab) are stored privately in an S3 bucket.

To facilitate download of such files, a temporary access token (a temporary URL) is generated.  The token is valid for 45 seconds, after which it expires.  That makes the temporary URL practically non-shareable.
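The authorization rules and the short-lived download URL described above, as an added Python example that is not Touchpoint Dashboard's own code: the HMAC-signed URL with a 45-second expiry stands in for an S3 pre-signed URL, and the MapRecord type, the signing key and the host name are constructed assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlparse

TOKEN_TTL = 45  # seconds, the lifetime stated for the temporary URL
SECRET = b"constructed-signing-key"  # placeholder; a real key comes from configuration


@dataclass(frozen=True)
class MapRecord:
    """Constructed stand-in for the map and share records in the database."""
    owner: str
    shared_with: dict = field(default_factory=dict)  # user -> True if edit rights


def file_permission(user: str, m: MapRecord):
    """Return 'read_write', 'read' or None following the three rules above."""
    if user == m.owner:                       # rule 1: creator has full rights
        return "read_write"
    if user in m.shared_with:                 # rule 1/3: shared, with or without edit
        return "read_write" if m.shared_with[user] else "read"
    return None                               # rule 2: no relation, no file access


def can_upload(user: str, m: MapRecord) -> bool:
    return file_permission(user, m) == "read_write"


def can_download(user: str, m: MapRecord) -> bool:
    return file_permission(user, m) is not None


def make_download_url(key: str, now: int, secret: bytes = SECRET, ttl: int = TOKEN_TTL) -> str:
    """Sign the object key together with its expiry time (the second level)."""
    expires = int(now) + ttl
    sig = hmac.new(secret, f"{key}:{expires}".encode(), hashlib.sha256).hexdigest()
    return f"https://files.example.invalid/{key}?expires={expires}&sig={sig}"


def verify_download_url(url: str, now: int, secret: bytes = SECRET) -> bool:
    """Reject a tampered signature or an expired token; otherwise allow download."""
    p = urlparse(url)
    key = p.path.lstrip("/")
    q = parse_qs(p.query)
    expires, sig = int(q["expires"][0]), q["sig"][0]
    expected = hmac.new(secret, f"{key}:{expires}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return False
    return now < expires
```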

Reference:

http://aws.amazon.com/s3/faqs/#How_secure_is_my_data

http://aws.amazon.com/s3/faqs/#How_durable_is_Amazon_S3

Information on our hosting provider

Touchpoint Dashboard runs on a dedicated server.

Our web hosting provider uses some of the top datacenters in the world.  The datacenter that hosts the Touchpoint Dashboard servers is located in Manassas, VA.  The datacenter features redundant UPS systems, generator backup, VESDA detection systems, closed-circuit monitoring of all areas and entrances, 24-hour guarded security, redundant A/C systems, and fiber from 5 separate providers.

Our web hosting provider also applies OS updates and patches to the software they support when their official communities release them.  They have a team of dedicated System Administrators whose job is to test these patches and release them on the servers.  As part of this service, they:

  • Control access to secure areas, e.g. key distribution management (both physical and electronic), paper/electronic logs, monitoring of facility doors, etc.
  • Control access to server rooms and follow least privilege and need-to-know practices for those facilities.
  • Have special safeguards in place for computer rooms, e.g. cipher locks, restricted access, room access logs, card swipe access control, etc.
  • Escort all visitors in computer rooms or server areas.
  • Implement appropriate environmental controls, where possible, to manage equipment risks, e.g., fire safety, temperature, humidity, battery backup, etc.
  • Provide daily backups in case of data loss, in addition to those performed by Touchpoint Dashboard.