TAMR DATA SECURITY POLICY
Customer data security is a top priority for Tamr, Inc. (“Tamr”). Customers trust Tamr to safely master their critical, proprietary, and sensitive data across a range of infrastructure and deployment configurations. To securely serve customers, Tamr leverages security protocols and best practices from its cloud partners, widely accepted customer data security frameworks, and internal security practices. The information on this page is intended to provide an overview of Tamr’s security practices and will regularly be updated to reflect the latest in Tamr security.
Corporate Security Policies
Tamr’s policy for customer data security within the Tamr corporation is managed and enforced by its information security and HR teams. Components of the security program include product security, infrastructure controls, assessment activities, employee awareness, physical security, and intrusion detection. Tamr employees undergo background checks appropriate to role and region through the hiring process. At the time on onboarding and during employment, staff receive regular training on security, privacy, and customer data protection responsibilities and are subject to robust security and data protection obligations. Tamr’s offboarding process ensures that departing employees have system access revoked according to company standards.
Tamr’s information security protocols identify employee teams for issue response and processes for determining appropriate response actions. Tamr’s security team regularly reviews infrastructure and applications for security vulnerabilities that may impact customer data security and evaluates new tools to improve security practices.
Tamr has intrusion detection systems in place to monitor server activity and access logs. Incident response procedures are in place to respond to anomalous activity and guidance is provided to Tamr employees on how to respond to suspicious activity. Our incident response procedures are tested by a third party annually.
Tamr has a Business Continuity Plan in place that addresses restoration of business operations for industry standard disaster scenarios. Tamr backs up customer content and data regularly and tests the backups to ensure functionality.
Tamr does not keep any data stored on local servers, instead utilizing cloud solutions. Tamr’s cloud native solution is hosted on the Google Cloud (region: us-east-1). Google has undergone multiple certifications that attest to its ability to physically secure Tamr’s data. You can read more about Google’s physical security process here.
Network Security, Encryption, and Access
Tamr service, hosted on Google Cloud, ensures that all data at rest is encrypted leveraging Google Cloud’s encryption. Sensitive customer data in transit is encrypted via secure socket layer (“SSL”), transport layer security (“TLS”) or Secure Shell Protocol (“SSH”). You can find more information on encryption procedures here. As customers’ data can include Personally Identifiable Information (PII), Sensitive PII (SPII) or Protected Healthcare Information (PHI),Tamr has implemented security measures to manage these data types with the applicable required level of care.
Tamr encrypts data transmitted over the public internet using TLS 1.2. Tamr uses secure electronic means to exchange data with customers using HTTPS. Tamr also applies strong ciphers and enforces perfect secrecy.
Tamr employs tools for intrusion detection and maintains access logs to bolster network and transmission security. All Tamr employees are required to use Single Sign On (SSO) with multi-factor authentication in order to access the Tamr product with SAML 2 and OAuth 2 protocols. Tamr’s customers can set multi-factor authentication (MFA) on their accounts for added security.
Tamr limits access to its development and production infrastructure based on business needs with authorization procedures in place for access. Tamr’s production network is separated from the rest of Tamr’s digital infrastructure. Firewalls and access controls follow the Principle of Least Privilege. Access to cloud hosted resources, including development and production networks, requires both user and device authentication with multi-factor authentication (MFA).
Third Party Penetration Testing
Tamr works with third-party firms to complete quarterly and annual automated and manual penetration testing and vulnerability reviews.
Tamr logs and monitors all activity on the platform, including all application access and administrative actions taken on the management plane. This includes the IP address used to access the platform, authentication information, and the details of the activity.
Tamr’s service is multi-tenant so customer data will be hosted and processed on common infrastructure. Tamr implements logical data separation in the data plane using approaches such as per-tenant schemas and tables to ensure that customer data is not visible across tenants.