At TeleTracking, we are committed to excellence in everything we do, and this is paramount in our ensuring security in the products and services we provide to customers and in the way we manage our daily operations. We employ processes and technologies across the organization to secure data, systems, and services from intentional and unintentional threats and malicious attacks. Our approach can be summarized as follows:
- Identifying and managing security risks to valuable organizational data, systems, and services
- Protecting assets by developing, implementing, and operating appropriate levels of controls and safeguards
- Employing situational awareness and monitoring capabilities to ensure the timely discovery and detection of security events
- Preparing to take appropriate and decisive action when affected by security events
- Developing plans and exercises to ensure the resilience of key organizational processes and the ability to return to normal operating conditions quickly and efficiently.
Our security program incorporates industry standards in a layered, defense-in-depth approach. We govern our security program consistent with our achievement of ISO 27001 certification, which defines how we operate on a day-to-day basis, conduct business with customers, and interact with our vendors and business partners. Our security program is comprehensive, inclusive of key capabilities that we monitor and continuously improve, including:
- Published and communicated security policies, procedures, and standards
- Company-wide security training and awareness
- Data security, including end-to-end encryption throughout the data lifecycle and authorization and authentication controls that limit data access on a need-to-know and least privilege basis
- Infrastructure security that is tested and improved through regular penetration testing, vulnerability identification and remediation, and implementation of hardening standards
- Security of mobile and remote computing through enrollment and monitoring in mobile data management
- Secure software and systems development processes that include incorporating security requirements into design and architecture processes, application and software scanning and vulnerability management, logging and monitoring, and secure deployment
- Situational awareness via continuous monitoring provided by intrusion detection systems, malware detection and remediation capabilities, and endpoint monitoring and management
- Incident lifecycle management, including detection, analysis, response, and recovery as defined in a company-wide incident response plan that is tested regularly
- Business continuity and disaster recovery programs and plans to ensure continuity of operations in the event of disruption caused by a security event
- Physical security controls in work areas and computing environments that complement and enhance technical security controls over key assets
- Management of inherited risks through a vendor management process that addresses vendor selection, onboarding, regular reviews, and termination processes.
Data drives our business and is a critical asset for our customers and us. Therefore, data privacy is forefront in our cybersecurity strategy. Our processes for protecting data at rest, in transit, and in use align with best practices as defined by the National Institute of Technology’s guidance on personally identifiable information (PII), the Health Insurance Portability and Accountability Act (HIPAA) guidance on protected health information (PHI), and various privacy standards in the geographic regions in which we operate such as the United Kingdom’s General Data Protection Regulation (GDPR) and domestic standards in states such as California and New York.
Of course, we realize that the threat environment continues to evolve, and new threats will emerge. TeleTracking is committed to continually improving and enhancing our security program to meet current and future challenges. As such, we will alter our program accordingly as needed and update this statement when required.
Disclaimer: The information presented above is intended solely for the purposes of providing users a general overview of TeleTracking Technologies Inc.’s, and its affiliates and subsidiaries, (collectively “TeleTracking”) security practices. This webpage and its contents do not represent the totality of TeleTracking’s security and privacy practices and obligations. TeleTracking reserves the right to update or remove this information at its discretion without notice.