TSANet Security Committee
ISO27001 / ISO27701 Certification
ISO27001 and ISO27701 are globally recognized standards mandating processes and controls for the establishment, maintenance, and certification of information security management systems (ISMS) and privacy information management systems (PIMS).
The system was designed to reduce the risk of storing sensitive information about our Members' Employees or Customers. To accomplish this, the following decisions and policies were created.
What document defines the TSANet Data Protection and Privacy policy?
View TSANet Data Protection & Privacy Statement at https://tsanet.org/legal-policy/
What legal documents define how TSANet and Members work together to solve common customer issues?
View legal documents including the code of conduct at https://tsanet.org/legal-documents/
What Employee information do you store in the system?
The user profile requires Name, Email and Phone number. Members can also use Single Sign-On from their own identity management systems, including support for just-in-time user provisioning, and can control what information is sent to the TSANet Connect system.
What Customer information do you store in the system?
Members can define what common customer information they require when receiving a request. All customer data is removed from the system after acknowledgement, and the system will remove all customer data after 30 days, leaving only the request metadata below:
Submitted By, Case Number, Priority, Summary, Date Requested, Date Responded
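The retention rule above (customer data removed on acknowledgement or after 30 days, only the listed metadata kept) can be expressed as a small purge routine. The following is an added example and not TSANet Connect's own code; the field names, the `acknowledged` flag and the sample requests are assumptions constructed for illustration. Because the page says members define which customer fields they require, the example treats every field outside the retained metadata set as customer data to be removed.

```python
from datetime import date, timedelta

# Metadata the page says survives a purge (field names are an assumption).
RETAINED_FIELDS = {
    "submitted_by", "case_number", "priority",
    "summary", "date_requested", "date_responded",
}
RETENTION_DAYS = 30  # purge deadline stated on the page


def purge_due(request, today):
    """True when customer data in `request` must be removed: the receiving
    member has acknowledged it (hypothetical `acknowledged` flag), or the
    request is at least RETENTION_DAYS old, measured from date_requested."""
    age = today - request["date_requested"]
    return bool(request.get("acknowledged")) or age >= timedelta(days=RETENTION_DAYS)


def scrub(request, today):
    """Return a copy of `request`. When the purge is due, keep only the
    retained metadata; any other key is treated as member-defined customer
    data and dropped."""
    if not purge_due(request, today):
        return dict(request)
    return {k: v for k, v in request.items() if k in RETAINED_FIELDS}


def purge_all(requests, today):
    """Apply the retention rule to every stored request."""
    return [scrub(r, today) for r in requests]


def residual_customer_fields(requests, today):
    """Audit helper: names of non-metadata fields still present on requests
    whose purge is due. An empty set means the retention rule holds."""
    leaked = set()
    for r in requests:
        if purge_due(r, today):
            leaked.update(k for k in r if k not in RETAINED_FIELDS)
    return leaked


def build_sample_requests():
    """Constructed sample data (not real TSANet records)."""
    return [
        {   # recent and not yet acknowledged: customer data stays for now
            "submitted_by": "Member A", "case_number": "A-1001", "priority": "High",
            "summary": "Login failures after upgrade", "date_requested": date(2024, 2, 28),
            "date_responded": None, "acknowledged": False,
            "customer_name": "Example Customer", "customer_email": "user@example.test",
        },
        {   # acknowledged: customer data must go immediately
            "submitted_by": "Member B", "case_number": "B-2002", "priority": "Medium",
            "summary": "Integration timeout", "date_requested": date(2024, 2, 27),
            "date_responded": date(2024, 2, 28), "acknowledged": True,
            "customer_name": "Another Customer", "customer_phone": "+1-555-0100",
        },
        {   # never acknowledged but older than 30 days: purge by age
            "submitted_by": "Member C", "case_number": "C-3003", "priority": "Low",
            "summary": "Stale request", "date_requested": date(2024, 1, 1),
            "date_responded": None, "acknowledged": False,
            "customer_name": "Old Customer",
        },
    ]


if __name__ == "__main__":
    today = date(2024, 3, 1)
    before = build_sample_requests()
    after = purge_all(before, today)
    for r in after:
        print(r["case_number"], sorted(r))
    print("residual customer fields after purge:", residual_customer_fields(after, today))
```

Running the purge as a scheduled job and then calling `residual_customer_fields` on the stored records gives a simple, repeatable check that the 30-day rule is actually enforced rather than only documented.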
Do you encrypt data in transit and at rest?
Data in transit is encrypted with SSL, and data at rest is encrypted with AES-256.
How was your system developed?
The system was developed using best practices defined in the OWASP Secure Coding Practices guide. The Open Web Application Security Project (OWASP) defines best practices for coding secure web applications. For more information on OWASP see https://owasp.org/
Some specifics of this best practice include:
- Best practices for administration of the system, including 2-factor authentication for all development and system administration environments
- Encryption on the transmission of all data
- Best practices for API development and access
What is your Network and Host Security?
The system is hosted at Linode: https://www.linode.com/
Linode provides a complete solution including physical and environmental security, covering both the networking and host operating environments up to and including the hypervisor. Linode is a SOC 2 certified environment; more details on its Network and Host security practices can be found at https://www.linode.com/legal-security/
What is your system uptime and support process?
The system is designed to provide 99.99% uptime. The following document provides information on the support process: https://tsanet.org/tsanetconnect-support