PRODUCING QUALITY SOLUTIONS FOR OUR
CLIENTS MAINTAINING CYBER SECURITY AND DATA
PRIVACY
A multilevel quality organization includes TRC’s execu-
tive leadership team; a corporate Quality Council; Quality
Leaders at the corporate, sector, and practice levels; and
a strong network of Office Quality Coordinators. This
organization works in unison to attain TRC’s quality
goals and objectives. TRC is committed to ensuring the protection of our
clients, their privacy, and data we are entrusted to hold.
Many of TRC’s customers are part of the 16 critical
infrastructure sectors defined by the Department of
Homeland Security. We believe safeguarding our clients,
their privacy, and their data is the same as protecting
national security on behalf of the people who depend on
these critical infrastructure services our clients provide
every day. Our approach on cyber security is aligned
with the Critical Infrastructure Protection Act and the
International Organization for Standardization (ISO)
27001:2013 to create consistency that promotes cyber
security throughout the organization. This consistency
has led to ISO27001:2013 certification of our Power
Delivery Engineering practice.
A culture of performance excellence is instilled by
holding every employee accountable for the quality
of their work and empowering each person with
stop-work authority if necessary. Contractors,
suppliers, and partners are also accountable for
compliance with TRC’s quality policy and procedures.
Quality performance is regularly monitored to identify
opportunities for improvements and where additional
training is required.
Quality at TRC is more than meeting or exceeding
our customers’ expectations. It is also about creating
meaningful value for them and forging an alliance as
their trusted business partners.
In achieving this certification, standardization of policies
and procedures has provided the foundation for TRC
cyber security. By using a consistent approach that
includes the deployment of defensive strategies layered
throughout the enterprise, we are able to protect against
known threats, respond in a repeatable manner, and
increase enterprise visibility. TRC uses this visibility to
build quantitative and qualitative metrics to improve
cyber security posture daily to reduce dwell time.
These metrics are reported quarterly to the TRC Cyber
Security Council made up of various operating practice
leaders to provide oversight and guidance to spread the
responsibility of cyber security to the enterprise. This
commitment to excellence, drive to reduce complexity,
and strong security culture is the cornerstone for
maintaining cyber security and data privacy at TRC. It
is in furtherance of our commitment to cyber security
and client confidentiality that we do not report out
information concerning potential breaches
or vulnerabilities.
25