MAINTAINING CYBER SECURITY AND DATA PRIVACY
TRC is committed to ensuring the protection of our
clients, their privacy, and data we are entrusted
to hold. Many of TRC’s customers are part of the
16 critical infrastructure sectors defined by the
Department of Homeland Security. We believe
safeguarding our clients, their privacy, and their
data is the same as protecting national security on
behalf of the people who depend on these critical
infrastructure services our clients provide every
day. Our approach on cyber security is aligned with
the Critical Infrastructure Protection Act and the
International Organization for Standardization (ISO)
27001:2013 to create consistency which promotes
cyber security throughout the organization. This
consistency has led to ISO27001:2013 certification of
our Power Delivery Engineering practice.
In achieving this certification, standardization of
policies and procedures has provided the foundation
for TRC Cyber Security. By using a consistent
approach that includes the deployment of defensive
strategies layered throughout the enterprise, we are
able to protect against known threats, respond in a
repeatable manner, and increase enterprise visibility.
TRC uses this visibility to build quantitative and
qualitative metrics to improve cyber security posture
daily, reduce dwell time and enhance business
continuity.
Metrics are reported quarterly to the TRC Cyber
Security Council made up of various operating
practice leaders to provide oversight and guidance
to spread the responsibility of Cyber Security to the
enterprise. Our commitment to excellence, drive to
reduce complexity, and strong security culture is the
cornerstone for maintaining cyber security and data
privacy at TRC. It is in furtherance of our commitment
to Cyber Security and client confidentiality that we
do not report out information concerning potential
breaches or vulnerabilities.
27