CRC Information Protection

We recognize that any system and control information you might enter into the CRC is very sensitive. T2P takes the protection of that information very seriously and has built several layers of security into the CRC. The CRC security is even more stringent than the security controls around other T2P protected community resources.

How your information confidentiality is protected

  1. Only T2P community members can access the CRC environment. While the T2P community is generally free and open to all professionals, it is still a protected community in the sense that we reject obviously devious applicants and actively enforce conduct standards. This is not a high bar of protection, but it helps preserve the community's professional character and repels some potential threats to T2P members and resources.
  2. Only you can access your information in the CRC. The information you enter is stored in association with your member account. Nobody else can see or view your information.
  3. Your system, control, and risk data is encrypted in transit. The CRC uses Secure Sockets Layer (SSL), the industry standard for encrypted transmissions, to obscure all information you retrieve or send from the CRC application.
  4. Your control information is encrypted in storage. Nobody—not even T2P administrators—can read your control description in the CRC database. The information is decrypted only at the point where you see it.
  5. Your control and risk data is kept separate from your membership information. Even if—knock on wood—someone were to hack into the T2P member database (which is also encrypted at multiple levels), they would not have access to your CRC information. This segregation is one of the reasons we ask members to confirm their login information when accessing the CRC environment.

In addition to these controls, T2P enforces many other technical, operational, and managerial security processes to ensure that your CRC information is not lost, misused, or illicitly altered.

Session timeouts

As a security measure, the CRC will automatically log you out after a defined period of inactivity. Because the CRC is designed to reload pages as seldom as possible, however, it is possible to run into a situation where you are automatically logged out and don't know it. This is most likely to happen if you spend several hours entering controls into the CRC without triggering any function that revalidates your session, such as clicking to a different page or refreshing the current page.

If you suddenly find yourself logged out after entering a few hours' worth of control information, don't panic. The control information you've entered is iteratively saved as you add it to the Control Tracking table. And, of course, that data is protected—even after your session expires.

If you are automatically logged out, all you need to do to access your complete systems and control information is log back in to the CRC and return to your Control Tracking page.