How we protect your timesheet data
Tempora Data Security, Protection and Privacy
What features you can look forward to soon!
At Tempora our client data security is a matter we take seriously. All Tempora data is stored locally to the relevant client, for example our UK clients will have their data stored within one of several UK sites, unless they request otherwise. All data in motion is protected with HTTPS protocols, to ensure it can't be intercepted. Real-time intrusion detection is used by both Tempora and Microsoft Azure to ensure integrity of the network infrastructure.
Whilst using Tempora, all data, whether it is sensitive or not, is encrypted with 128-bit AES encryption, which is currently one of the most secure encryption methods used and considered logically unbreakable.
Tempora operates an ‘as long as necessary’ data approach, data deletion will be done so immediately upon request, unless instructed to store the data, which otherwise means we will store it securely for a few months, before promptly destroying the data. Our cloud servers can be sanitised within a short time frame of the request and then destroyed upon mutual agreement with the client.
Data is backed up daily and weekly. An authorised admin can gain access to these backups by contacting our support team and verifying their identity. These backups are stored in two offsite locations, in different locations to the hosted servers. This allows us to have at any one time, three secure copies of our clients data. Back ups can be stored anonymously, meaning each record is encrypted with meaningless data.
Finally, all of our servers are subject to regular penetration and security tests. With results being available to clients and all actionable insights followed up at the earliest suitable time. We're proud to confirm that in 15 years of operating via the cloud, we have not had any security intrusions.
Within the Tempora product, we utilise permissions to ensure that users can only access the relevant information. In the event of a support request, we utilise a named admin approach to ensure account permission elevation is appropriately signed off. The system is built in a manner which allows all information in the system be enabled or disabled on a per account basis.
Tempora utilises Microsoft Azure as a cloud computing platform. Azure has been accredited to ISO/IEC 27000, 27001 and 27018 standards. This means that Tempora clients can relax, knowing that their data will not be used for commercial ends or targeted advertising. The data will also be returned or transferred to the owner if required and securely disposed of within a short period of time of request.The Tempora team will only access the data in the event of a client request. This is usually through a support ticket or training request. Each internal access is logged, audited and available to your clients at a request.
Using Azure means that we can geocache client's data in a region of their choice, with two backup drives running at all time, to ensure >99% uptime and prevent any data loss in the unlikely event of a system outage. It also allows us to utilise elastic scaling which allows us to ramp up performance in real time. This means when clients aren't using the system, we can scale down performance to lower the cost required to use Tempora. Similarly, we can ramp performance up as it is needed to ensure a responsive system. It also means that a new client instance can be added in a matter of seconds and ready to use minutes later.
Tempora can guarantee that stored information won’t be provided to or sold to 3rd parties, or used for unsolicited marketing. We will not access client data, other than at the request of the client. This is usually for support or training requests. There may be times in which we handle your data during the setup phase. This data is never printed and is only accessed on internally vetted machines. Locally stored files are destroyed at the end of the day.
All internal machines are encrypted and secured between 2 sets of double locked doors. The exterior doors to the building are covered by CCTV access. We are of course, more than happy to review any NDA documentation.
As well as using cutting edge security software, Tempora also ensure that no more than 3 people have access to your data at any one time, 2 of which are account directors. We have a full time security employee for grants procedural access to the data when required, with permission from the client. As an extra countermeasure, we also keep audit logs of data, the audit logs cannot be changed by anybody without a two-step verification from both our Technical and Managing Directors.