Updated: January 28th 2013
Internal security controls
Only those TitanFile staff who, because of the nature of their work, must have access to information can retrieve information on users. In other words, specific system, database, or application access is granted on an “as needed” basis and controlled on the basis of job function.
When accessing TitanFile computer systems, staff users are responsible, and held accountable, for their assigned ID. Passwords are not shared among users and are changed on a regular basis. User accounts are disabled and passwords are changed upon termination of employment or contract.
TitanFile’s computer systems also have built-in audit functions that track access. These audit logs can be used to identify and track unauthorised attempts to access information.
Personal information is not routinely stored on TitanFile desktop or laptop computer hard drives, except upon a customer’s express instructions as part of providing work and services. In that case, the personal information is deleted from our staff user’s computer hard drive once the work is completed.
Proprietary software applications are used to control access and maintain the security of the data in the systems.
Staff are aware that personal information (including paper files or documents, and computer disks) must not be left out in plain view where any unauthorised viewing by outsiders could occur.
Paper files are discouraged and existing ones are stored in locked cabinets to which only certain TitanFile staff, due to the nature of their work, have access. Any important documents that are no longer needed and are to be discarded are shredded on the premises.
External access controls
To protect the security and privacy of your personal information from unauthorised external access, entry to TitanFile’s premises is controlled by a key-card access system.
Remote access to TitanFile computer systems by staff is limited by user IDs and passwords and is permitted on an “as needed” basis.
Entry to the TitanFile platform is protected by firewall and routing software, and by access controls installed on the platform servers. All communication between client and server is performed over a secure socket connection. Critical servers are monitored by intrusion detection software, which reports unauthorised access or changes to the system.
Network and server security
TitanFile’s platform network and servers are located in Canada and are protected in a limited access server room. There is CCTV monitoring, modern access controls and the facility is built with a concrete and steel frame. Hard drives are encrypted in such a way that, in the unlikely event they are physically stolen from the servers, they are useless without encryption keys.
The facility security is TIA 942 Tier III Standard and SAS 70 Type II. The facility has 24x7 monitoring and trained technical staff. The facility also features N+1 redundancy, modern, energy-efficient cooling, and a Fire Suppression Rapid Detection system with FM-200 Inert gas.
The stability of the system is assured by a UPS (uninterruptible power supply) and, where appropriate, hardware redundancy features built into the servers. Industry-standard anti-virus software, updated regularly, is installed on the servers.
The system has network/carrier neutral access to dark fibre with a gateway to Boston and transatlantic fibre-optic services.
Secure use of the platform
1. SSL and encryption
In order to help protect user security when communicating with TitanFile through our platform, we recommend the use of Google Chrome or Mozilla Firefox web browsers, or Internet Explorer version 8 or higher, or one of our mobile apps.
TitanFile uses 256-bit encryption, which is the strongest, most secure form of encryption that is generally available in Internet browsers on the market in North America today.
2. Logging in
For your protection, we require that users “log in” to our platform using the appropriate email address and password. We suggest choosing passwords with a combination of letters and numbers. Users should not use combinations that can be associated with them easily, and should change their password regularly.
Passwords should be kept secret at all times because they are used to help verify identity before users are permitted access to certain confidential information. Users unable to provide the correct password are not granted access.
We recommend that shared computers have browsers set to NOT save passwords for future use. This option is available in most modern web browsers.
On TitanFile login pages, users’ web browsers will establish a secure SSL connection between their computer and our platform. When users leave a secure portion of our platform, they will get a notification from their Internet browser that they are leaving the secure section, and returning to an open section.
In order for our websites and platform to confirm and re-confirm users’ identity throughout the course of their transactions, we make use of “cookies,” which are small text files sent by a website to a user’s Internet browser and stored on their computer. There are two types of cookies: “session” cookies and “persistent” cookies. The primary difference between session cookies and persistent cookies is that session cookies expire when users have finished their browsing session (e.g., closed their browser, or left it idle for an extended period of time), while persistent cookies may remain on users’ computers after they have completed their browsing.
It is important to remember the following facts about cookies:
– they can only be read by the website that placed them;
– they cannot be used to track visits to other websites;
– they cannot run malicious code or viruses; and
– they cannot search outside users’ browsers into their computers for information or download data.
Any changes to our Security Policy shall be acknowledged in a timely manner. We may add, modify or remove portions of this Policy when we feel it is appropriate to do so. You may determine when this Policy was last updated by referring to the modification date found on the version of the Policy available here.