Ensuring data security is an utmost priority to The Exemption Project. We take a series of steps to ensure the data remain secure.
The following measures are considered industry standard and are followed by large tech companies and other industry players across the world. Data obtained from the partner organization are placed in a secure data center by TEP staff. We offer SFTP for secure data transfers. Various data encryption technologies including VPN, Secure Sockets Layer (SSL), Transport Layer Security (TLS), and digital certificates are used to protect the transmission of and access to data and systems used for analysis. Datasets are not stored on local computers or other devices and will remain on file servers in the secured environment at all times. Credentials for the hard drive or connection are shared separately and securely.
Server access requires public-key and multi-factor authentication. Public-key authentication requires a specific file to be present and referenced on a user’s system when communicating with the server. These files are unique to the user communicating with the server and involve an additional password lock specific to that key. Multi-factor authentication requires possession of a device that generates temporary tokens. The database server is only accessible within a private, secure network. Accessing the database server requires public-key authentication, multi-factor authentication, and individual usernames and passwords. All database queries are encrypted and stored. We encrypt our data drives and database at rest and in transit. We use logging and an intrusion-detection system to monitor and maintain the security of the system. Please contact us for further clarifications or questions,