Security Objectives

The mission of Tritium Research’s Information Security Services includes:

• Assure the ability of Tritium to grow and fulfill its mission in the face of an ever-changing risk environment.
• Maintaining and routinely updating all policies and procedures to make sure they have the most up to date practices and procedures.
• Aiding the company in advancing a technologically sound business medium.
• Maintaining the role of an active and responsible participator in the Internet world.
• Assure the integrity of the company’s technology based teaching medium.
• Protecting the privacy of all sensitive data, be it client data or employee data.
• Subscribe and comply with external security reviews (etc. ISO27002 and PCI DSS 2.0 standards).
• The Information Security Department strives towards these goals by implementing, measuring and continuing to promote user awareness in the field of information security.
• The purposes of these goals are to strengthen the resilience of Tritium by limiting the effect of security related exposures on creating and maintaining policies and procedures.
• Develop plans and methods to become proactive and reactive to threats that endanger the strategic plans of Tritium and system integrity.
• Tritium maintains a complete set of Information Security documentation that outlines data security practices, procedures and standards that are accepted by the Information Security community. Information Security policies are reviewed on a yearly basis unless there is a significant change. Our Information Security team is actively involved in the Information Security community to assure the effectiveness of their practices. All new Information Security policies and any changes to active policies, and procedures, must be approved by the Chief Information Officer, by a board member or owner of the company.
• Tritium has a formal risk assessment process in place to identify and eliminate the risk of compromised data. This process is used to identify all potential risks whether they reside within Tritium, an entity connected to Tritium, or an outside vendor that will receive Tritium data. Critical processes are reviewed on a yearly basis to assure that the highest data security standards are being used.

Design Objectives

Tritium Research's main application is Fusion,  a collection, accounting, and management interface. Fusion consists of a collections user interface, accounting interface and a user management interface. These applications are supported by the following products.

• Microsoft SQL Server houses all client data. The data is encrypted using SQL Server Transparent Data Encryption (TDE).
• Microsoft Active Directory – Is used for all end user authentication for the Fusion platform as well as network and file share permissions.
• Microsoft Message Queuing – Is used for the middleware communications between the agent and the database machine.
• Microsoft Exchange Server – is user for all electronic communications.

The following supporting technologies are used in a corporate environment to promote data integrity to assure the safety of the data.

• Endpoint Security and Control for anti-virus, USB storage and data encryption.
• Vulnerability assessment and penetration and vulnerability testing.
• Patch management.
• All sensitive data is protected at rest, including placement files, recordings and any other file types that contain sensitive information as defined by the Data Classification Policy.