Like any company that uses information technology in its business, TRACX faces a multitude of threats that can affect the availability, confidentiality and integrity of the information required to deliver its services. These threats, some of which are constantly evolving among malicious individuals or companies, include the theft of identity, sensitive information and intellectual property; the illegal copying, use, modification, disclosure and destruction of personal, business or confidential information; industrial espionage; fraud; technical failures; human errors; and disasters of all kinds (e.g., water damage, fire, earthquake, prolonged power outage, hurricane, etc.).
Computer security and the protection of personal, business and confidential information (also referred to in this policy as "sensitive information" or "sensitive information") against these threats is a priority at TRACX and is given the highest priority. To ensure the safest possible handling of the sensitive information entrusted to us, TRACX has developed this Security Policy, which is strictly adhered to, and has put in place strict physical, technological, organisational and contractual security measures. TRACX and its team also apply web-based best practices in computer security.
Main objective of the policy
The primary objective of this security policy is to affirm TRACX's commitment to computer security in order to ensure the confidentiality and integrity of sensitive information at all times and to ensure that it is available to authorised individuals when needed to perform their work in a secure manner. By accessing and browsing this website, you accept the terms of this security policy without limitation or qualification.
Guiding Principles
The guiding principles that guide TRACX's computer security actions and measures are guided by the recognition of the guiding principles listed below.
- The importance of this IT security policy and the fact that the use of any sensitive information accessible on TRACX's network by any person in the course of his or her duties or tasks is governed by this policy so that what is permitted and what is not is clearly defined.
- The importance of being familiar with the sensitive information to be protected, identifying the holders and users of that sensitive information and being aware of their security measures to protect it and any changes to those measures.
- The importance of ensuring that each resource or partner of TRACX or its clients has access to the minimum amount of sensitive information required to deliver the defined services or perform their duties properly.
- The importance of recognizing that the sensitive information technology environment is constantly changing, interconnected with the world and that computer security is everyone's business.
- The importance of rigorously protecting sensitive information throughout its life cycle by applying established good IT security practices.
Scope of application
La présente politique de sécurité s’applique à la direction et à tout le personnel de TRACX, à ses ressources externes, partenaires, fournisseurs et clients, y compris tout membre de leur personnel, ainsi qu’à tout autre personne dûment autorisé(e) à utiliser l’information sensible disponible dans le réseau informatique de TRACX.
All persons covered by this security policy are responsible for:
- to be aware of this policy and any policies or best practices designed to ensure the protection and security of sensitive information and to apply them appropriately;
- use the access rights they have been granted to use sensitive information available to them on the TRACX computer network only when necessary for the performance of their duties or tasks, and only for the purposes for which those access rights are intended;
- respect the security measures deployed in all TRACX systems, equipment and IT products (servers, software, computers, applications and others) or other environments containing sensitive information;
- refrain from any action or use of any kind (copying, modifying, disclosing, deactivating, destroying, stealing, hacking or otherwise) that may affect the integrity, availability or security of sensitive information in TRACX's computer network;
- comply with legal requirements relating to the use of any system, service or product protected by intellectual property rights, including those of TRACX.
Incident Reporting Obligation
Each person covered by this security policy also has the obligation to report without delay to the person responsible for security in the organisation where he or she works, any act (misuse, theft, intrusion, malicious manipulation, fraud or other) that may constitute an actual or suspected violation of security rules and any anomaly (missing information, blocked access, disrupted functionality or other) that may affect the protection of sensitive information in TRACX's computer network or a network using TRACX's systems and services. In the event that it is not possible to notify the person responsible for security in your organisation without delay, please notify TRACX immediately using the contact information provided at the end of this policy.
External Resources
In order to ensure the provision of its services at all times, TRACX may use the services of external resources sometimes located outside of Canada. Each of these resources is carefully screened to ensure that they have an impeccable business record and possess all the knowledge, skills and equipment required to ensure a level of computer security that fully meets the requirements of this policy and web security best practices.
Awareness and training
Computer security awareness and ongoing training are essential to ensure the protection of sensitive information. It is therefore important that users of this information be made aware of potential threats and the consequences of a security breach so that they know and understand their role, obligations and existing security procedures, adopt responsible behaviours, develop their ability to recognize anomalies, incidents and potential risks, and contribute to the maintenance of a secure work environment. To this end, TRACX provides comprehensive training on the safe use of its systems and services to IT teams and other resources responsible for security at its clients.
Management and protection of sensitive information
Sensitive information must be protected from unauthorised or illegal use or access. To this end, all sensitive information is assigned an owner, categorised, catalogued and protected according to its level of sensitivity and life cycle to ensure its confidentiality, integrity, availability and traceability. The type of protection chosen is based on a periodic risk assessment of the use and processing of the information and is intended to ensure optimal protection in accordance with the level of sensitivity established for it. Access to sensitive information is granted according to the roles and responsibilities of the users and the information required for the performance of their tasks and functions.
Use of advanced encryption technology
TRACX uses the most secure and appropriate methods to secure our clients' sensitive information. Our website is protected using advanced encryption technology, the most secure encryption standard on the web today. To ensure secure sessions between your device's browser (computer, mobile phone, tablet) and TRACX's servers and to prevent loss, misuse, manipulation of data and unauthorised access to your sensitive information by third parties, TRACX uses, at a minimum, 128-bit SSL ("Secure Socket Layer") encryption. TRACX's security infrastructure is designed to block unauthorised access, among other things.
Regular updates
As data security is an essential component of TRACX's service offering, we continually review our security practices to optimise them with the best technologies available on the market in order to meet the highest web standards and apply the most rigorous computer security measures.
Active Monitoring
TRACX constantly monitors the traffic on its servers to prevent, detect, analyse and eliminate any suspicious activity on them in real time. Among other things, TRACX uses state-of-the-art protection technologies and conducts ongoing penetration tests and vulnerability scans to keep the risk of a cyber attack by a malicious individual or the deployment of malicious software as low as possible on its computer network
Incident Management and Business Continuity
As soon as TRACX becomes aware of an actual or suspected incident (disaster, cyber-attack or other) that results in a disruption or shutdown of systems or an interruption of operations or services, or when such an incident is brought to its attention, its team immediately deploys the appropriate measures in its contingency plan to ensure the security of the working environment and the protection of sensitive information, to minimise the consequences of the incident and to restore business as quickly as possible. This documented contingency plan, the effectiveness of which is validated by simulation tests, is updated regularly and made available in multiple formats to ensure that it is accessible at all times, should the need arise. Once business is restored and the incident is closed, TRACX follows up to ensure that everything is back to normal and that the environment disrupted by the incident is fully operational and safe again.
Secure access to the TRACX website The current Tracx website is not secure
Always ensure that your browser establishes a secure connection with the TRACX website. When the connection is secure, the URL displayed in the address bar begins with "https://" and may be preceded by a closed padlock or a statement such as "secure connection". If not, the URL starts with "http://" (without "s"), the padlock is opened or crossed out with a slash, and a statement such as "site not secure" may be shown. When the connection is not secure, it is strongly recommended not to enter personal information on the site displayed, as this will not be protected and will be accessible to everyone.
Vigilance and reminders
Despite the measures described in this policy, no method of data transmission or storage is 100% secure or error-free. While TRACX takes the utmost care to ensure security, it cannot guarantee absolute security. You, as a web user, also have a role to play in keeping your information secure and should therefore be vigilant when using the Internet.
TRACX would like to take this opportunity to remind you that in the event that any evidence (e.g., a password) is found, you should contact TRACX. : TRACX takes this opportunity to remind you that in the event that any indication (e.g. missing information, blocked access, disrupted functionality or other) gives you reason to believe that the security of your sensitive data has been compromised or that your use of its systems and services or your interaction with its resources is no longer secure, please immediately notify the person responsible for IT security within your organisation or, if this is not possible, notify us immediately using the contact details below so that we can take control of the situation and implement the necessary measures as quickly as possible to carry out the appropriate checks and, if necessary, take the necessary actions to resolve the problem and ensure the security of the network again.
Email
soutien@tracx.ca
Merci d’indiquer « Sécurité » dans l’objet.
Phone
Customer Service
514 552-1013
This security policy is in effect since February 15, 2022.
Date of last update: 15 February 2022.
