Information Security Policy
Updated: 08/18/2023
TNT Connects LLC maintains a world-class information security program that is independently assessed to meet or exceed industry best practice security controls. TNT Connects’ cybersecurity ecosystem is purpose-built on the principles of “defense in depth” in order to provide the most effective approach for safeguarding system and information assets. TNT Connects’ primary objective is to achieve a high bar of excellence in the marketplace by following the law, adhering to regulations, maintaining reasonable security measures and protecting the rights and freedoms of consumers.
TNT Connects LLC (“we,” “us” or “TNT Connects”) has implemented internal policies and controls to try to ensure that customer data is protected and only accessed by authorized TNT Connects employees in the performance of their duties. Where TNT Connects engages third parties to process customer data on its behalf, they do so in accordance with our written instructions under a duty of confidentiality, and they are required to implement appropriate technical and administrative measures to ensure the data is secure.
More specifically, TNT Connects maintains: confidentiality by ensuring that only people who are authorized to use the data can access it; integrity by ensuring that data is accurate and suitable for the purpose for which it is processed; and availability by ensuring that authorized users are able to access and use the data they need for authorized purposes in a timely and reliable manner.
TNT Connects takes an enterprise approach to security that monitors controls at different layers throughout the organization, including physical security, network security, host security, software development security, and user account security, each as further discussed below.
Physical Security
TNT Connects servers and infrastructure are located in secure data centers managed by industry-leading Amazon AWS.
Network Security
- TNT Connects requires that network communications adhere to the principles of data confidentiality, integrity, and availability discussed above.
- TNT Connects requires that information is handled with appropriate levels of encryption in accordance with our policies and standards and to comply with applicable laws.
Customer Hosted Environment Security
- TNT Connects performs industry-standard security hardening efforts -- more specifically, critical systems are hardened and configured per industry best practices as defined by the Center for Internet Security (CIS).
- TNT Connects regularly reviews information on current security vulnerabilities, including vendor announcements and other industry sources. If security updates are determined to be critical to the TNT Connects environment, they are tested and deployed in a timely manner.
- Customer hosting systems and services are routinely monitored for integrity and availability. Operations staff review alerts generated by monitoring systems and respond promptly.
- Administrative access to TNT Connects' infrastructure is limited strictly to authorized users with multi-factor authentication. Individual usernames and passwords are required for machine and data access.
- TNT Connects adheres to strong password guidelines, including complexity and minimum length requirements. Passwords are expired and changed on a regular basis.
Development Security
- Internally developed code is subject to TNT Connects' secure coding guidelines, which include testing of functionality and business logic as well as testing for security flaws. In addition, our Change Management Policy ensures that code deployed to the production environment has been appropriately tested, reviewed, and approved.
- As part of TNT Connects' ongoing PCI compliance, we regularly undergo security reviews, including external and internal scanning for vulnerabilities on an ongoing basis. All vulnerabilities discovered are reviewed by internal security and addressed in accordance with the level of severity.
User Account Security
- User-level access to TNT Connects services is provided via a username and password selected by the end user.
- Passwords and credit card numbers are encrypted.
- Credit card numbers are not stored on any TNT Connects system.
- User account setup, maintenance, and termination are under the control of the end user.
Incident Management
- TNT Connects has a documented Cybersecurity Incident Response Plan.
- The Cybersecurity Incident Response Plan undergoes annual tabletop testing and is updated as necessary.
Personnel Security
- TNT Connects employment offers are contingent upon successful completion of criminal background and reference checks where allowed by law.
- Upon commencing employment, all TNT Connects employees receive information security training and are contractually bound by confidentiality clauses to ensure that they adhere to TNT Connects' commitment to security and confidentiality.
- TNT Connects' information security awareness and training programs require employees to complete annual security refresher training.
Patch Management
- Where feasible, system components and software are protected from known vulnerabilities by applying the latest vendor-supplied security patches.
- TNT Connects systems are routinely updated per vendor recommendations and industry standards.
Virus/Malware Management
- TNT Connects uses up-to-date virus scanning software for detecting currently known malware.
- Malware definitions are updated daily and installed as required.