Security and Reliability Safeguards

The protection of customer data and privacy is the ITRP Institute’s number one operational priority.

SSL

All information travelling between your browser and ITRP is protected with 256-bit SSL encryption. This is the same level of security banks use. The security lock icon in your browser lets you verify that you aren’t talking to a phishing site impersonating ITRP and that your data is secure in transit.

Maintaining a Secure Environment

Access control measures have been deployed at multiple levels to limit access to legitimate users and only to the operations that these users have been authorized to perform.

Access and usage of the ITRP service and its hosting environments are continuously monitored in order to identify unauthorized operations and access attempts as early as possible. The ITRP Institute actively maintains and tests both the hosting environments of the ITRP service as well as the ITRPapplication code to prevent security issues as much as practical, and to ensure that security issues which affected the ITRP service do not recur.

Apart from the detection mechanisms used for the early identification of possible security issues that may affect the ITRP service, response measures are in place to handle such issues if they occur.

Responsible Disclosure

Notifying a vendor before publicly releasing information about a security issue is a best practice known as responsible disclosure. Responsible disclosure allows companies like the ITRP Institute to better protect its customers by fixing vulnerabilities before they are brought to the attention of someone who may want to exploit them. We strongly encourage anyone who is interested in researching and reporting security issues to observe the simple courtesies of responsible disclosure. The ITRP Institute follows the same practice when it discovers and reports security vulnerabilities to other organizations.

Security Notifications

For the protection of our customers, the ITRP Institute does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases have been implemented. Once a security issue has been fixed, the ITRP Institute publishes an ITRP security bulletin about the issue within the ITRP service.