How are my work files, saved searches, and other saved work items protected?
What about information stored in the Thomson Scientific offices? How is it protected?
How can I be sure that your servers will be available when I need them?
Thomson Innovation offers Secure Sockets Layer (SSL) connections for subscribers. The SSL security protocol provides an https secured connection that supports 128-bit encryption of all requests to and from the Thomson Innovation website. Therefore, it is extremely difficult, to hack into an individual's use of the Thomson Innovation website when SSL is in use. This is the same technology that most e-commerce websites use to encrypt credit card information and is the industry standard security protocol for protecting sensitive data while in transit.
In addition, the search function is conducted on separate search servers. These search servers never directly communicate with the user's web browser, and neither the IP address nor any other user information is passed to them.
In your web browser, the SSL option is usually set to “Off” by default to improve performance over slower connections. To turn SSL on, go to Preferences… General… and set SSL to On.
Look at the address bar in your web browser. If it begins with https, rather than http, then you're working in an SSL environment.
In line with commercial industry standards, Thomson Scientific employs a dedicated security team to protect its servers from attacks and other attempts to compromise the security and/or proper functioning of its IT and communications systems. This includes deploying multiple firewalls to protect its servers and implementing proactive security scans and security updates to prevent attacks on our systems.
No. Thomson Innovation never has, and never will "mine" the search strings submitted by users to our site for any reason. We will continue to protect the privacy of our customers' searches. We collect only the information we need to provide accurate invoices to our customers and improve the quality and usefulness of our services to our users.
In truth, if someone was requesting log information in support of litigation, they have as much right to request the logs of your internal systems as our commercial web-based system. Even if we did have to respond to a subpoena, the amount of information we could provide would be very limited. We do not retain log files for an extended period of time, and we cannot reconstruct how users used the site even if requested, as we do not associate user IDs to specific searches.
Thomson Innovation requires that each user have a personal and unique user ID and password. This helps to protect any data you've stored on our site.
Additionally, saved work items are stored in password-protected databases that are not accessible to the outside world. Extensive knowledge of the database structure would be needed to correlate saved work items to specific user IDs.
The database where saved work items like work files and saved searches are stored is on mirrored disks, and there is also a separate mirrored database. Full backups of the database are performed twice per week. Backup tapes are stored on-site and copies are also shipped off-site for disaster recovery. Between backups we can also recover the database from log files, which are on different disks.
In addition to protecting sensitive information online, we also protect user-information off-line. All of our users' information is restricted in our offices (which are physically secured). Only employees who need the information to perform a specific job (for example, our billing, accounts receivable, or customer service representatives) are granted access to personally identifiable information. Finally, the servers that we store personally identifiable information on are kept in a secure environment.
Thomson Scientific employs state-of-the-art servers to deliver its Thomson Innovation. Every effort is made to provide a reliable network to ensure there is no single point of failure. Where possible we ensure that there are components are provided with protective redundancy. In addition, we have backup power supplies, both UPS and generators. We also leverage RAID disk technology to minimize the chance of losing data through disk failure. Additionally, the servers are monitored 24 hours per day, 365 days per year.
For a more comprehensive description of the type of data that Thomson Scientific process in connection with Thomson Innovation and what it uses that data for, see the full Thomson Scientific Privacy Policy at http://scientific.thomson.com/privacy.