Security

ThinkData Works Security: Frequently Asked Questions

At ThinkData Works, the security of our users and their data is our primary concern. We believe it is important for our users to have the most accurate information regarding our policies and protocols. We have designed this FAQ page to serve as a starting point for anyone interested in the security and standards at ThinkData. For more information, please contact us.

General
Does ThinkData Works have an information security program?

ThinkData Works has an information security program, as required by the SOC2 certification.

Does ThinkData Works have any security certifications? What type?

ThinkData Works is SOC2 and Cyber Essentials certified.

Does ThinkData Works have an incident response plan?

ThinkData maintains an incident management policy that will notify platform users of any cybersecurity or privacy breaches. Clients will be notified and a full incident report will be shared following the incident. ThinkData Works has thorough documentation on incident management including clear RACI assignments for Engineering, Security, F&BO, Talent & Culture, and Executive staff.

What is ThinkData Works' Privacy Policy?

ThinkData Works' privacy policy can be reviewed in full here.

What are ThinkData Works' Terms of Service?

ThinkData Works' data catalog's terms of service can be reviewed in full here.

Does ThinkData Works have an anti-bribery and corruption policy?

ThinkData Works has zero tolerance for corrupt activities of any kind. Bribes or other improper or unauthorized payments, or acts that create the appearance of promising, offering, giving or authorizing such payments, are prohibited by this Policy. A full copy of the anti-bribery and corruption policy is available upon request.

Does ThinkData Works have an ethics or code of conduct policy?

ThinkData Works has a code of ethics policy predicated on four principles of integrity, inclusivity, respect, and empathy. Our code of conduct is available upon request.

Information Security
Does ThinkData Works regularly undergo penetration testing by a third party firm?

Comprehensive audit and penetration tests are performed by a third party firm and are available upon request. SOC2 compliance reports are available upon request.

Does ThinkData Works have a business continuity plan or a disaster recovery plan?

All data processing is located in Canada for SaaS or managed cloud operations. ThinkData supports geographic redundancies and disaster recovery. Platform access is secured with TLS. Data will remain in Canada if set up on Canadian data centres.

Does ThinkData Works support multi-factor authentication?

Multi-factor authentication is available for all user accounts. It can be enabled on individual user accounts, and it can be set as a requirement for an entire organization.

Does the ThinkData Works platform track access and activity logs?

Activity and access logs can be captured in both public and private environments and exposed to the customer. Logs may also be directed to the customer's log system or exported upon request.

How does ThinkData Works handle my personally identifiable information (PII)?

ThinkData Works does not sell or license your data. Users may at any time request that ThinkData Works erase and permanently destroy any information the company holds about the user.

Does ThinkData Works sell personally identifiable information (PII)?

No. ThinkData operates a data marketplace of publicly available open data. The data on this marketplace is sourced from government-maintained open data portals and its use restrictions and licensing information are maintained across all environments. ThinkData's partnership network includes organizations that are legally entitled to manage and maintain their subjects' personal information. This data is not transferred into or delivered through ThinkData Works' platform or made available for consumption by its clients.

Platform
What are the security implications of a public vs. private deployment of the data catalog?

ThinkData's public platform is multi-tenant, meaning that all organization accounts share the same database. Private deployments are completely separate cloud infrastructure projects that are 100% walled off from one company to the next. For private deployments, access for ThinkData employees follows different access request procedures, as determined by the deployment administrators.

My organization has a secure environment. How would we access the ThinkData Works platform and flow data through it securely?

ThinkData Works has three solutions for maintaining the quality of an organization's secure environment. The platform supports IP whitelisting for a private deployment, and can create a VPN tunnel for additional security. Lastly, ThinkData Works can deploy the platform on an organization's infrastructure entirely.

How does ThinkData Works transfer data?

The ThinkData Works platform provides SSL connections on the user interface and API to ensure that traffic is encrypted in transit. SSL is a required parameter and cookies are configured to only be transmitted over a secure connection to end users. The platform also supports accessing secure data source types such as SFTP, FTP, Google Cloud Platform, and Amazon S3 with SSL.

Does the platform provide access controls?

The ThinkData platform's access controls comply with standard policies and procedures that address: onboarding; offboarding; transitions between roles; regular access reviews; limiting and controlling the use of administrator privileges; and activity timeouts. The platform supports a mechanism to view which users have access to what features and datasets to facilitate regular access reviews.

How is SSO technology provided through ThinkData Works' platform?

The ThinkData platform supports SSO using Active Directory, SAML or OAuth.

If I send private data into ThinkData Works' platform, how will it be stored?

ThinkData's public platform is SOC2 certified, and as such maintains extremely rigid security concerns that are completely separate from one organization to another.

How is the platform updated?

ThinkData enables platform components to be upgraded regularly without disruption to performance. Application upgrades can be handled automatically if under SaaS. Updates are available every 2 weeks, but customers may determine how often they would like their environment to be updated. Upgrade scripts are provided if a customer chooses to deploy the ThinkData platform on-premises.

Does the platform undergo routine quality assurance?

The platform undergoes rigorous automated and manual QA in a test environment prior to the release of a new version.

What file types does the data catalog support?

The platform currently supports: separated values files (CSV, TSV, etc.); fixed-width files (FWF); spreadsheet files (XLS, XLSX); object and mark-up files (JSON, XML, GML, etc.); and geometry files (GeoJSON, SHP) among others. With ZIP files, the platform has the ability to parse and select specific files within an archive.

This automated file type handling ensures that the data undergoes the fewest possible transformations with as little human intervention as possible. Where human intervention is preferred, the ingestion service supports a rich configuration language.