Time Doctor Protects Your Data
We work towards improving our security every single day at Time Doctor. To do so properly, we follow the best security practices. These include:
- - Encrypted data transfer (HTTPS)
- - Email verification
- - A strong password management policy
- - Internal system logging
- - Network and overall infrastructure security
- - Physical security
ISO 27001 Certified
Time Doctor is ISO 27001 certified. We’ve developed an extensive list of internal company policies and regulations.
These policies include:
- - An information security policy
- - A risk management policy
- - A documented information policy
- - An organization information security policy
- - An asset management policy
- - An access control policy
- - A cryptography and data encryption policy
- - Physical and environmental security policies
- - An operations security policy
- - A communications security policy
- - An information security incident management policy
- - A data management policy
- - A system acquisition, development, and maintenance policy
- - A supplier relationships policy
- - An information security aspect of business continuity policy
- - A compliance policy
Our security and compliance department works to improve the procedures and policies on a monthly basis in order to improve our internal and external security.
Below, you’ll find the valid certificate for our ISO certification:
External Audits and Security
At Time Doctor, we do our best to provide the best security to our customers. Because of that, we integrate and work with external companies that help us to carry out regular penetration testing, patching, and security audits to identify any possible issues and resolve them within a short period of time.
Backups and Reliability
Our backups are done on a daily basis, which guarantees consistency and a quick reaction from our side in case data restoration is needed.
In case of a data breach, we have a procedure in place that dictates how and when to make a responsible disclosure to the affected parties, with the first communication occurring within 72 hours of our becoming aware of the incident.
Software Development Security
Time Doctor uses a Git version control system. Changes to Time Doctor’s code base go through a suite of automated tests before being reviewed and sent through a round of manual testing. When code changes pass through the automated testing system, they are first pushed to a staging environment where timedoctor.com employees test the changes before they’re pushed to our production servers. Changes that are critical, due to security or for other reasons, are fast-tracked to production while still being tested thoroughly.
Confidentiality & Employee Access
We strictly regulate our employees’ access to the data you and your users store with timedoctor.com. Access is limited to those few employees who need it for troubleshooting or support.
No timedoctor.com employees ever access customer accounts unless required for troubleshooting or support. When working on a support issue, we do our best to respect your privacy as much as possible and only access the files and settings needed to resolve your issue.
Screenshots are an optional Time Doctor feature. If activated, the screenshots feature will take and store screenshots of your employees’ monitors at the time interval that you specify.
If you use the screenshots feature, you can rest assured that the screenshots and all other data are stored securely. All communication to the server is secured by SSL encryption. Files on the server are encrypted to provide an extra level of security for company data. The servers are located in secure enterprise data center facilities with 24/7 monitoring and hosting support.
Billing Information Protection
When you sign up for a paid account on Time Doctor, we do not store any of your credit card information.
All credit card transactions are processed using Stripe’s secure encryption, which is the same level of encryption used by leading banks. Card information is transmitted, stored, and processed securely on a PCI-compliant network.