Security

You can view an up-to-date version of our security checklist here.

• Physical & Environmental Security:

  • Community Tech Alliance services are hosted in Google Cloud Platform (GCP). You can read more about Google Cloud Platform’s physical security here.

  • Logical access to Community Tech Alliance services is restricted to Community Tech Alliance staff based on the principle of least privilege. All access is formally approved and requires multi-factor authentication. 

  • Access is removed in the event of employee termination or a change in Community Tech Alliance staff roles that no longer requires access. Access is also reviewed on a monthly basis.

  • Access activity is logged in a centralized logging infrastructure and protected from tampering.

  • Community Tech Alliance staff adhere to all current security best practices, including, but not limited to: universally required physical multi-factor authentication, required quarterly security training, device management (MDM), and encrypted physical disks.

  • Organizations who contract to receive technology services from Community Tech Alliance are required to adhere to a set of security requirements and accounts provisioned for their usage require multi-factor authentication and other Google-managed security features.

• Redundancy and Resiliency:

  • Our software services are hosted in Google Cloud Platform with availability in multiple availability zones in a region.

  • Our retention of backups is a minimum of seven (7) days.

  • Our staff is remotely distributed across the US providing support to organizations receiving technology services from Community Tech Alliance globally. Our distributed workforce allows us to provide support virtually from anywhere.

  • Logs do not include raw data from the warehouse or from vendor sources.

 Access information to Partner resources required for data pipe functionality is logically separated within the host storage facility, Google Cloud Platform.