How we protect your timesheet data
At Tempora our client data security is a matter we take seriously. All Tempora data is stored locally to the relevant client, for example our UK clients will have their data stored within one of several UK sites, unless they request otherwise. All data in motion is protected with HTTPS protocols, to ensure it can't be intercepted. Real-time intrusion detection is used by both Tempora and Microsoft Azure to ensure integrity of the network infrastructure.
Whilst using Tempora, all data, whether it is sensitive or not, is encrypted with 128-bit AES encryption, which is currently one of the most secure encryption methods used and considered logically unbreakable.
Tempora operates an ‘as long as necessary’ data approach, data deletion will be done so immediately upon request, unless instructed to store the data, which otherwise means we will store it securely for a few months, before promptly destroying the data. Our cloud servers can be sanitised within a short time frame of the request and then destroyed upon mutual agreement with the client.
Data is backed up daily and weekly. An authorised admin can gain access to these backups by contacting our support team and verifying their identity. These backups are stored in two offsite locations, in different locations to the hosted servers. This allows us to have at any one time, three secure copies of our clients data. Back ups can be stored anonymously, meaning each record is encrypted with meaningless data.
Finally, all of our servers are subject to regular penetration and security tests. With results being available to clients and all actionable insights followed up at the earliest suitable time. We're proud to confirm that in 15 years of operating via the cloud, we have not had any security intrusions.
Within the Tempora product, we utilise permissions to ensure that users can only access the relevant information. In the event of a support request, we utilise a named admin approach to ensure account permission elevation is appropriately signed off. The system is built in a manner which allows all information in the system be enabled or disabled on a per account basis.
Data Held In Tempora
Tempora can guarantee that stored information won’t be provided to or sold to 3rd parties, or used for unsolicited marketing. We will not access client data, other than at the request of the client. This is usually for support or training requests. There may be times in which we handle your data during the setup phase. This data is never printed and is only accessed on internally vetted machines. Locally stored files are destroyed at the end of the day.
All internal machines are encrypted and secured between 2 sets of double locked doors. The exterior doors to the building are covered by CCTV access. We are of course, more than happy to review any NDA documentation.
As well as using cutting edge security software, Tempora also ensure that no more than 3 people have access to your data at any one time, 2 of which are account directors. We have a full time security employee for grants procedural access to the data when required, with permission from the client. As an extra countermeasure, we also keep audit logs of data, the audit logs cannot be changed by anybody without a two-step verification from both our Technical and Managing Directors.