ThinkData Works Security & Compliance
ThinkData Works is committed to meeting the highest standards of security and compliance in the industry to keep your data safe and secure.
Security Certifications
Secured, trusted, certified
ThinkData Works is SOC 2 Type II and Cyber Essentials certified, so you can trust that our team has the best policies and services in place for your security and protection.
Our Policies
What is ThinkData Works' Private Policy?
Our privacy policy can be reviewed in full here.
Does ThinkData Works have an anti-bribery and corruption policy?
ThinkData Works has zero tolerance for corrupt activities of any kind. Bribes or other improper or unauthorized payments, or acts that create the appearance of promising, offering, giving or authorizing such payments, are prohibited by this Policy. A full copy of the anti-bribery and corruption policy is available upon request.
What are ThinkData Works' Terms of Service?
Our terms of service can be reviewed in full here.
Does ThinkData Works have an ethics or code of conduct policy?
ThinkData Works has a code of ethics policy predicated on four principles of integrity, inclusivity, respect, and empathy. Our code of conduct is available upon request, and our modern slavery statement can be found here.
Platform Security
How is the platform updated?
ThinkData Works updates platform components regularly without disruption to performance. Application upgrades can be handled automatically if under SaaS. Updates are available every 2 weeks, but customers may determine how often they would like their environment to be updated. Upgrade scripts are provided if a customer chooses to deploy the ThinkData Works technology on-premises.
Does the platform undergo routine quality assurance?
The platform undergoes rigorous automated and manual QA in a test environment prior to the release of a new version.
What are the security implications of a public vs. private deployment of the data catalog?
ThinkData's public platform is multi-tenant, meaning that all organization accounts share the same database. Private deployments are separate and sequestered cloud infrastructure projects. Access for ThinkData employees follows different access request procedures, as determined by the deployment administrators.
My organization has a secure environment. How would we access the ThinkData Works platform and flow data through it securely?
ThinkData Works has three solutions for maintaining the quality of an organization's secure environment. The platform supports IP whitelisting for a private deployment, and can create a VPN tunnel for additional security. Lastly, ThinkData Works can deploy the platform on an organization's isolated infrastructure entirely.
Authentication Security
Does ThinkData Works support multi-factor authentication?
Multi-factor authentication is available for all user accounts. User accounts can be enabled with multi-factor authentication and multi-factor authentications can be set as a requirement for an entire organization.
Can we use SSO with ThinkData Works?
ThinkData Works supports SSO using ActiveDirectory, SAML or OAuth.
Personal Information Security
Does ThinkData Works sell personally identifiable information (PII)?
No. ThinkData sources information from government-maintained open data portals and public sources. Use restrictions and licensing are maintained across all environments. ThinkData's partnership network includes organizations that are legally entitled to manage and maintain their subjects' personal information. This data is not provided by ThinkData Works.
Does ThinkData Works platform track access and activity logs?
We support access auditing for compliance and governance. Activity and access logs can be captured in both public and private environments and exposed to the customer. Logs may be directed to the customer log system or exported on request.
How does ThinkData Works handle my personally identifiable information (PII)?
ThinkData Works does not sell or license your data. Users may at any time request that ThinkData Works erase and permanently destroy any information the company holds about the user, and ThinkData Works can execute such requests with consideration to and in compliance with regional regulations.
Data Storage, Support, & Handling
If I send private data into ThinkData Works' platform, how will it be stored?
ThinkData's public platform is SOC 2 certified, and as such maintains extremely rigid security concerns that are completely separate from one organization to another.
How does ThinkData Works transfer data? Is data encrypted in transit and at rest?
The ThinkData Works platform provides SSL connections on the user interface and API to ensure that traffic is encrypted in transit. SSL is a required parameter and cookies are configured to only be transmitted over a secure connection to end users. The platform also supports accessing secure data source types such as SFTP, FTP, Google Cloud Platform, and Amazon S3 with SSL.
What file types does the data catalog support?
The platform currently supports: separated values files (CSV, TSV, etc.); fixed-width files (FWF); spreadsheet files (XLS, XLSX); object and mark-up files (JSON, XML, GML, etc.); and geometry files (GeoJSON, SHP) among others. With ZIP files, the platform has the ability to parse and select specific files within an archive.
This automated file type handling ensures that the data undergoes the fewest possible transformations with as little human intervention as possible. Where human intervention is preferred, the ingestion service supports a rich configuration language.
Corporate Governance
Does ThinkData Works have an incident response plan?
ThinkData maintains an incident management policy that will notify platform users of any cybersecurity or privacy breaches. Clients will be notified and a full incident report will be shared following the incident. ThinkData Works has thorough documentation on incident management including clear RACI assignments for Engineering, Security, F&BO, Talent & Culture, and Executive staff.
Does the platform provide access controls?
The ThinkData platform's access controls comply with standard policies and procedures that address: onboarding; offboarding; transitions between roles; regular access reviews; limiting and controlling the use of administrator privileges; and activity timeouts. The platform supports a mechanism to view which users have access to what features and datasets to facilitate regular access reviews.
Does ThinkData Works have a business continuity plan or a disaster recovery plan?
All data processing is located in Canada for SaaS or managed cloud operations. ThinkData supports geographic redundancies and disaster recovery. Platform access is secured with TLS. Data will remain in Canada if set up on Canadian data centres.