TechTarget Privacy and Security Trust Center – TechTarget


Overview of TechTarget and Services

TechTarget is the global leader in purchase intent-driven marketing and sales services that deliver business impact for enterprise technology companies. By creating abundant, high-quality editorial content across more than 150 highly targeted technology-specific websites and 1,125 channels, TechTarget attracts and nurtures communities of B2B technology buyers researching their companies’ information technology needs. By understanding these buyers’ content consumption behaviors, TechTarget creates the purchase intent insights that fuel efficient and effective marketing and sales activities for customers around the world.

TechTarget has offices in Boston, London, Munich, New York, Paris, Singapore and Sydney.

Our Commitment to Privacy, Security, and Data Protection

TechTarget takes privacy compliance, information security and data protection seriously and is committed to effectively safeguarding the confidentiality, integrity, and availability of the Regulated Personal Information and Confidential Data entrusted to our organization by our customers, members, employees, and other key organizational stakeholders. 

TechTarget’s Privacy and Information Security Programs

TechTarget has established robust privacy and information security programs which are focused on the following:

  • Complying with the privacy laws and regulations applicable to the business services provided by TechTarget;
  • Meeting our customers’ and other key stakeholders’ requirements, including associated contractual commitments;
  • Implementing, maintaining, monitoring, and continuously improving upon our security and data protection controls; and
  • Aligning our program requirements with generally accepted privacy and information security best practices and regulatory requirements.

Through the above programs, TechTarget’s overall intent is to create a proactive environment focused on effectively safeguarding the privacy and security of TechTarget’s key data and organizational assets and the systems that support them. 

TechTarget’s Information Security Program

TechTarget’s Information Security Program encompasses the creation, implementation, maintenance, enforcement, and oversight of the organization’s information security program requirements including related policies, procedures, standards, guidelines, and controls. The Information Security Program is focused on safeguarding all Regulated Personal Information and Confidential Data entrusted to us as required by applicable laws, rules, and regulations and in accordance with our contractual commitments.

TechTarget’s overall Information Security Program framework includes the following core components:

  • Executive Level Support and Commitment
  • Appointment of Dedicated Security Personnel
  • Policies, Procedures, Standards, and Guidelines
  • Information Security Training/Awareness Activities
  • Information Security Risk Assessments for High Priority Systems
  • Information Security Incidents Identification/Response
  • Workforce Security Incident Reporting
  • Information Security Breach Notification
  • Security Processes and Controls for Protected Regulated and Confidential Data
  • Security Control Audits/Evaluations
  • Information Security Program Updates and Maintenance

The program’s structure is influenced by several industry security standards and frameworks, such as the National Institute of Standards and Technology (NIST), applicable SOC 2 criteria, and the International Organization for Standardization (ISO). For example, our BrightTALK webinar and channel platform meets the International Organization for Standardization (ISO) 27001 standard and our Priority Engine purchase intent service meets the SOC 2 Trust Service Criteria for Security, Availability, and Confidentiality established by the Assurance Services Executive Committee (ASEC) of the American Institute of Certified Public Accountants (AICPA).

Privacy and Data Protection Program

TechTarget has a strong privacy and data protection governance program to manage privacy compliance and data protection risks. This program is based upon a foundational policy which establishes the overall privacy program framework and which identifies key control areas, processes, and organizational strategies for data protection and privacy compliance. In addition, this program includes detailed policies and operational privacy processes focused on compliance with specific aspects of applicable privacy laws.

TechTarget’s overall Privacy Program Framework includes the following core components:

  • Executive Level Support and Commitment
  • Appointment of Dedicated Privacy and Security Personnel
  • Policies, Procedures, Standards and Guidelines
  • Privacy and Security Training/Awareness Activities
  • Privacy by Design
  • Security Controls for Protected Regulated and Confidential Data
  • Privacy Incident Management
  • Data Breach Notification
  • Privacy Inquiries and Investigations
  • Privacy and Related Security Control Audits
  • Privacy Program Updates and Maintenance

Roles and Responsibilities

We have assigned clear roles and responsibilities for the administration of both our information security and privacy programs. This includes designating executive level staff with the responsibility and accountability for providing guidance and strategic support to both governance programs, their related controls and processes in accordance with business strategy, customer requirements, and applicable legislative and regulatory requirements.

Additionally, the Company has assigned dedicated senior managers with extensive hands-on security experience to key information security roles. TechTarget has also formally appointed two staff members to be designated Data Protection Officers and has assigned other staff members to function as regional Privacy Representatives. In addition, other dedicated personnel help to monitor compliance and assist with the implementation of new and changing privacy and data protection program initiatives.

Specific members of our privacy and security staff hold various privacy and security certifications and designations (including CISSP – Certified Information Systems Security Professional, CIPM – Certified Information Privacy Manager, CIPP/E – Certified Information Privacy Professional – Europe, CIPP/US – Certified Information Privacy Professional – United States, CBCP – Certified Business Continuity Professional and FIP – Fellow In Privacy) and routinely consult with highly experienced internal and reputable global external legal advisors. The leaders of these teams also work with and advise our Executive Privacy and Security Taskforce to help manage overall enterprise security and privacy risks.

Other Administrative Controls

Policies and Related Processes/Plans

In addition to our foundational information security and privacy policies, we have other key policies, procedures, and controls in place to manage and mitigate both security and privacy risks including the following:

  • Information Security Risk Management Policy
  • Access Control, Authentication, and Authorization Policy
  • Acceptable Use Policy
  • System Development Lifecycle Policy
  • Password Management Policy
  • Data Classification and Handling Policy
  • Business Continuity and Disaster Recovery Policy and Plan
  • Privacy and Security Incident Management Policy and Plan
  • Record Retention and Destruction Policy and related Retention Schedules
  • Third-Party Assessment Policy and related assessment forms
  • GDPR and CCPA Related Policies and Procedures

Privacy and Security Training and Awareness Programs

To promote an ongoing privacy and security-focused culture, TechTarget’s personnel and key applicable stakeholders receive extensive privacy and information security training via a variety of formats. This training is focused primarily on an overall understanding of the organization’s privacy and security programs, including the detailed requirements of these programs, and training for employees with specific roles and responsibilities. In addition, all our employees receive monthly security awareness training.

Human Resource Controls

TechTarget strives to attract and retain a pool of diverse and exceptional candidates and supports their continued development after they become employees. We consider our employees our driving force in the competitive B2B technology marketing space. We also appreciate the significant role our employees play in protecting our member and customer data.

  • We perform background checks on our prospective employees depending on the role they will perform and in accordance with local laws, rules, and regulations (which vary in different countries and jurisdictions).
  • We require all new employees to read and acknowledge our information security and privacy policies and undergo training during the onboarding process, as well as throughout the course of their employment.
  • We ensure that employees are evaluated through annual performance reviews and, further, are recognized, rewarded, and engaged based on their contributions.

Our ability to retain our workforce is also dependent on our ability to foster an environment that is safe, respectful, fair, and inclusive of everyone and promotes diversity, equity, and inclusion inside and outside of our business.

Incident Management

TechTarget has a privacy and security incident management program in place which includes a detailed plan and an established, cross-functional team to manage and investigate potential incidents. One of the key goals of this team is to quickly identify and respond to a privacy or security incident to minimize its impact on the organization and reduce any potential disruption to operations.

Third-party Assessment Program

TechTarget has a robust third-party assessment program in place to evaluate the general compliance, privacy, and security controls. In addition, we perform an annual maintenance review for key vendors associated with our high priority systems.

Information Security Technical and Physical Security Controls

TechTarget has multiple IT system security controls and practices in place including, but not limited to, the following:

  • Access and Authorization Controls
  • Authentication and Password Management Controls – Including complex password requirements and salted hash controls
  • Network Security Controls
    • Firewalls
    • IDS/IPS
    • SIEM (Centralized logging/monitoring)
    • Weekly vulnerability scanning
    • Penetration Testing
    • Wireless Networking Controls
  • Server and Workstation Controls including the following:
    • Patch Management/Hardening Controls
    • Virus, anti-spam and malware protection controls
  • Encryption controls:
    • Encryption in Transit (HTTPS: TLS 1.2, SFTP, etc.)
    • Encrypted Backups
    • Encryption at Rest (AES 256)
    • Encryption of Endpoint Devices
  • Data Storage, Retention, and Destruction
  • Physical Security Controls
    • Restricted Access and Environmental Controls
    • Disaster Recovery and Backup Controls

TechTarget also utilizes SOC 2 compliant data centers and cloud service providers both for internal business applications as well as in support of the delivery of its services. 

More Information about Data Privacy and Compliance

Data Privacy Operational Processes

Our privacy program is continuously evolving and improving to meet the requirements of the ever-changing privacy landscape. It is designed to protect the information assets entrusted to us by our members, customers, and employees and is focused on, among other things, complying with applicable privacy laws and regulations (including, for example, GDPR and CCPA), meeting customer and stakeholder requirements, and aligning with generally accepted information privacy best practices. We have multiple controls and practices currently in place including the following:

  • Maintaining Records of Processing (and related data transfer information)
  • Privacy/Data Protection Impact Assessments
  • Performance of Legitimate Interest Analyses
  • Personal Information Data Inventory and Mapping
  • Individual Rights Processing and Procedures
  • External Privacy Notices, Links, Forms, and Processes
  • Third Party Privacy and Security Assessment Processes
  • Privacy Incident Management

We also perform audits periodically to ensure we are meeting our regulatory and customer-related obligations.

TechTarget Data Collection

TechTarget is a B2B data provider. We collect and use business contact records through a voluntary member registration interaction, where prospective members provide their contact information in exchange for gaining access to premium content on our network and communications from us and our customers that are relevant to their professional interests. The personal information collected is limited to non-sensitive contact information (e.g., name, title, contact info (email, phone, business address)) and is used in accordance with our online privacy policies and notices.

Transparency in how we collect, use, share, and protect data, including personal information, is a key privacy principle we embrace. As a B2B provider, we understand the value of providing both our members and our customers with clear information about our data practices. To support this effort, we have adopted publicly accessible privacy policies and notices which are posted conspicuously on our websites, on our registration forms, and in our email communications. We have also adopted various member agreements that govern the use of our services and have provided our members and customers with various methods for exercising their applicable data subject rights. Our privacy policies and agreements include the following:

We only collect and process personal information that is relevant to and necessary to provide our services, as outlined in our privacy policies and notices, and in a lawful and secure manner. We also provide our members with a clear process to submit a data subject rights request, such as to access, correct, delete, transfer, or opt out of sale or sharing of their personal information:

  • For EU or UK GDPR Data Subject Rights Requests, click here.
  • For California CCPA Consumer Rights Requests, click here.
  • For Other Privacy Related Requests, click here.
