Table of Contents

Add a header to begin generating the table of contents

SECURITY IS AT KOHEZION'S CORE

SECURITY STATEMENT

General

As a software provider, TGMT Systems, Inc. is committed to providing highly secure and reliable software. Our SaaS platform is hosted in a state-of-the-art data center. Additionally, our engineers utilize proven and state-of-the-art security technologies and techniques in order to protect all systems, data, and information from unauthorized access in the best possible way

Data Center

Kohezion's servers are hosted in Amazon's AWS secure data center located in the AWS Canada-Central Region. All data within the North America region is stored exclusively in Canada, ensuring it does not traverse the "cloud". For accounts requiring HIPAA compliance, data and backups are stored in the United States. Additionally, other regions are available upon request for Enterprise accounts. The data center operations and management are handled by Amazon Web Services (AWS).

Physical Security:

24/7 on-site security personnel and secure loading docks

Fingerprint-activated biometric locking mechanisms

Man-traps with weight sensors to determine if equipment is being carried out of the facility

90-day video monitoring with security cameras available for individual cage environments as needed

Recorded "in and out" logs

Password-protected access to both physical locations and web portals

Physical Reliability:

Concurrently maintainable mechanical and electrical systems

Complete redundancy for power system from utility breaker, generators down to power distribution

Full compartmentalization/separation of power and cooling distribution paths

Completely redundant cooling systems from CRAC units to pumps, chillers and plumbing

Highly reliable static transfer switches to move loads to and from primary and secondary circuits

Redundant, isolatable mechanical piping

Primary and secondary electrical paths fed from two different PDU's and two different UPS systems

24/7 on-site facility engineers and supporting redundant Network Operations Centers (NOC)

Compliance & Accreditations

Amazon Web Services (AWS) secure location facilities are designed to adhere to domestic and international compliance, customer care, and environmental standards.

Data centers comply with the regulations set up by the American Institute of Certified Public Accountants (AICPA) for Service Organization Control (SOC) type II reports and HIPAA (Health Insurance Portability and Accountability Act of 1996).

Annual audits verify compliance, via third-party

In addition, all data is processed in that location and is never moved to another jurisdiction. In other words, all data is collected in Canada, all data is processed in Canada.

Security

Server Security

Only authorized employees of TGMT Systems, Inc. can access the servers. Our security experts regularly patch our servers for any new vulnerability that gets disclosed. Access to our servers is restricted to specific individuals, whose access is monitored and audited for compliance.

Information Security

The Kohezion services are protected by strong authentication and authorization to ensure only authorized users can access and modify data. Each user in your Kohezion account has a unique user name and password.

Kohezion services use a session cookie only to record encrypted authentication information for the duration of a specific session. The session cookie does not include either the user name or password of the user. Kohezion does not use cookies to store other confidential user and session information, but instead implements more advanced security methods based on dynamic data and encoded session IDs.

Data Retention / Backups

TGMT Systems creates a nightly backup on a daily basis at around 2:00 ET. TGMT preserves the backups for a period of 180 days. After 180 days, the backups are permanently deleted and the data can no longer be recovered.

TGMT stores the backups on a secured remote server separate from the operational servers running the Kohezion services to ensure no data is lost in case of a catastrophic failure of the operational servers. The backup servers are located in the same jurisdiction as the operational.

Data Destruction

TGMT shall permanently destroy all data deleted via the Kohezion services graphical user interface (GUI) or Web Services and APIs after 180 days once the deletion is performed using the services. Once the deletion is performed, the data is immediately no longer accessible via the operational servers. The deleted data will only be available via the nightly backups until the backups are permanently deleted.

Encryption

TGMT uses state-of-the-art strong encryption when the Kohezion services are used by end-users or remote systems using our Web Services and APIs. All connections are encrypted using Transport Layer Security (TLS) encryption (also known as HTTPS or SSL) with strong encryption and SSL certificates with 2048 bit keys. We regularly patch our servers when vulnerabilities related to TSL/SSL connections are disclosed. See the SSL report for more information on the specifics of our SSL installation. (https://www.ssllabs.com/ssltest/analyze.html?d=kohezion.com)

Internet Protocol (IP) Address Based Access Controls

Access to the Kohezion services for individual client accounts can be limited to only certain IP address ranges or they can be denied for certain IP address ranges. Contact support for more information on how this can be enabled for your account.

Disclosure

TGMT maintains a policy of full event disclosure for security incidents that affect client data. In the event of any security incident affecting your data, a notification will be sent to your account administrator.

Software development security

Security Best Practices
The TGMT software engineering team always follows the best practices to implement strong security and privacy controls in the Kohezion services. We follow all recommendations from the Open Web Application Security Project

Code Reviews
The TGMT software engineering team always follows the best practices to implement strong security and privacy controls in the Kohezion services. We follow all recommendations from the Open Web Application Security Project.

Quality Assurance Testing
In addition to code reviews, any code changes go through a thorough internal quality assurance testing process.

Human resources security

Employee Screening

TGMT Systems has background checks performed on all employees at the time of hire (to the extent permitted by law), and requires that non-disclosure and/or confidentiality agreements are signed by all Personnel. TGMT Systems policies prohibit employees from using confidential information (including client data) other than for legitimate business purposes, such as providing technical support, and this obligation continues after their employment ends.

An employee's or contractor's failure to cooperate fully in any background check and any dishonesty or omission of information pertaining to a background check by an employee precludes employment with TGMT Systems.

Terms of Employment

TGMT Systems operates an onboarding process including at a minimum the following steps:

POLICIES AND STANDARDS

Communication to the new employees of policies, code of conduct and behavioral standards.

POLICIES AND STANDARDS

SIGNATURE

Employee signature of the employment agreement (which includes a confidentiality agreement) and TGMT Systems Information Security Policy.

SIGNATURE

BACKGROUND CHECKS

Background checks (subject to local laws).

BACKGROUND CHECKS

Training

General information security training is provided to all new employees (both full-time and temporary) as part of their onboarding. The compulsory annual security and privacy training requirements ensure employees refresh their knowledge and understanding.

Development and SaaS Operations staff receives further training specific to product development, deployment, and management of secure applications. Additional security training is also provided to employees who handle client data.

Termination of Employment

TGMT Systems maintains a formal termination or change of employment process that, promptly upon termination or change of employment, requires a return of any and all TGMT Systems and Client assets, disables or adjusts access rights, and reminds ex-employees and ex-contractors of their remaining employment restrictions and contractual obligations. All accesses (logical and physical) are terminated on or before the termination date

IF YOU HAVE ANY QUESTIONS PLEASE CONTACT US

Cookie	Duration	Description
_drip_client_9673228	2 years	No description
m	2 years	No description available.

Cookie	Duration	Description
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_P847864LPS	2 years	This cookie is installed by Google Analytics.
_gat_gtag_UA_161937_5	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.