Security hyper-vigilance has always been the standard at TCDI. We approach security from three angles: physical security; network and infrastructure security; and application data security.
Security protections are in place to prevent any intended or inadvertent physical breach. Access throughout TCDI facilities is restricted by cardkey readers limiting access on a need-to-have basis, and all visitors to TCDI’s facilities must be logged in and escorted while on the premises. Entry to the datacenters is controlled by biometric access readers, with access restricted to system engineers only. Additionally, each floor of each building and the datacenter uses closed-circuit security cameras to monitor access and activity. After hours, the facilities are occupied and patrolled by an armed, off-duty police officer.
TCDI takes care in isolating all client systems and data for maximum security. Each client system has its own set of servers and network segments, and all data, files and image stores are segregated by client at all levels, including backup media. Each client system has multiple internal and external facing firewalls to further protect it against unauthorized access. Monitoring controls are in place to review security exceptions, and invalid access attempts are logged and reviewed daily.
Application Data Security
All electronic data transfers, whether data delivery or Internet access through the CVFox® platform, use the SSL protocol. Data access within the CVFox platform is controlled by client-defined security groups and can be controlled down to the field level. All user actions within the platform are logged and can be provided when needed.
Companies today dedicate broad efforts, even whole departments, to corporate governance, compliance, and risk reduction. At TCDI, the primary efforts aimed at reducing risk extend to the products and services we provide our clients. We combine the careful hiring and training of staff with the implementation of standards, processes and controls in all aspects of what we do.
In addition to ongoing internal audits and the periodic audits performed by our clients, TCDI submits to an annual independent Service Organization Control (SOC) audit and report. Specifically, the SOC 2 Type II report concentrates on the system controls relevant to one or more of the Trust Services Principles of Security, Availability, Processing Integrity, Confidentiality, and Privacy.
While the SOC 2 audit and report are not designed specifically for the eDiscovery industry, they do provide focused, audited efforts on the processes and controls relevant to the delivery of our products and services. They help prove that we have the right knowledge, processes, and controls in place to perform our duties in a sound (defensible) and consistent (reproducible) manner.