Privacy & Security Policy
Corcoran Consulting Group, LLC, (“CCG”) puts forth good faith efforts to maintain the privacy and security of its own and client or potential client data and contracts only with reputable organizations for data storage, backup, and transmission.
- CCG regularly executes non-disclosure agreements with clients and potential clients, using industry-standard terms and conditions. All contractors/agents of CCG fall under this non-disclosure agreement and have executed a corresponding non-disclosure agreement with CCG.
- CCG employs strong, unique passwords for various online accounts to isolate and minimize the potential footprint and impact of a data breach.
- CCG generally employs two-factor authentication to limit access to unauthorized or unknown users or devices.
- CCG client or potential client data is stored in a cloud-based platform and replicated locally on an as-needed basis (see Dropbox.com privacy and security policies here).
- All CCG data is automatically and regularly backed up to a cloud-based platform in an encrypted format (see Carbonite.com privacy and security policies here).
- All CCG email is accessed, stored, and backed up on a cloud-based Exchange platform and accessible on authorized and protected devices (see ExchangeMyMail.com privacy and security policies here).
- CCG relies solely on Apple devices with iCloud security enabled, including remote lock and remote wipe capabilities (see Apple iCloud privacy and security policies here).
- CCG has minimal reliance on physical/hard copy files during a client engagement. At the conclusion of a project, CCG retains no physical.hard copy files related to any client engagement, except for invoices, expense receipts, and other documents related to state and federal tax filings, none of which contain client confidential information.
- CCG destroys physical/hard copy documents by employing a standard level-three cross-cut paper shredder.
- CCG destroys online data as appropriate from Dropbox.com and ExchangeMyMail.com, by deleting the relevant files from both the cloud platform and relevant local devices, and then the hard drive space is overwritten and redeployed using Apple’s Secure Empty Trash protocol. Deleted files and folders are automatically deleted from the cloud-based backup server in due course per Carbonite.com policy, no later than 30 days from original deletion.
- All CCG devices are wiped clean and restored to factory settings before disposal or redeployment, to ensure no data is retained.
- CCG may, from time to time, unless otherwise restricted, incorporate findings or observations from client engagements in presentations or speeches. In such cases, all data or graphics are stripped of identifying characteristics to render it untraceable to the source. On the rare occasion CCG desires to attribute findings or observations to a specific client, CCG will secure specific permission in written or electronic format in advance.
- CCG may, from time to time, unless otherwise restricted, include client organization names in a general client roster, without reference to the nature or scope of work. Inclusion in such a lists does not imply endorsement or recommendation of CCG services.