NORC takes the matter of computer and system security very seriously. The systems developed to collect your company’s data have multiple layers of security and protection. The Component 2 EEO-1 Online Filing System uses Hypertext Transfer Protocol Secure (HTTPS) with Secure Sockets Layer (SSL), supporting HTTP Strict Transport Security (HSTS), to protect the Component 2 EEO-1 website and access to the filing system against security attacks. As a further safeguard, the actual Component 2 EEO-1 Online Form where you enter your company’s information does not store any of that data on the web servers where the online form resides. Rather, all Component 2 data reported through the filing system or upload process are stored inside NORC’s firewalls in storage spaces dedicated only to this data collection effort. NORC uses firewalls that provide security against external threats by using a set of the latest security features. In addition to the built-in applications for threat protection, NORC’s firewalls dynamically block port scans, deny access to entities that attempt to enter our systems from outside the United States, and provide distributed denial-of-service (DDoS) protection. Continuous monitoring of network traffic identifies potential threats and generates automated notifications for the immediate attention of the information security team.
The Component 2 data collection systems, both the online form and the data upload process, are deployed on secure physical servers. Access to the Component 2 EEO-1 Online Filing System is secured through a multi-tiered user authentication process, which prevents unauthorized access to the data collection systems. Once inside the filing system, users only have the ability to add or update data for their own employer. Unedited raw data collected through these processes are encrypted during transmission in compliance with FIPS 140-2, and the transfer of all data utilizes the NIST 800-53 security framework.
The subsequent processing of Component 2 data takes place in a secure location on the private network within NORC, where access is granted only to individuals who are authorized to work on these files. All NORC staff who have access to Component 2 EEO-1 Compensation Data are trained annually to maintain data security and confidentiality and have signed Non-Disclosure Agreements (NDAs) in which they pledge not to disclose, publish, divulge, release, or make known to any individual other than an authorized NORC or EEOC employee any non-public information or any sensitive information gained in connection with the performance of their job responsibilities. At NORC, failure to comply with the NDA results in immediate job termination.
By implementing a comprehensive solution for Component 2 EEO-1 Compensation Data collection, processing, and storage in a highly secured environment, NORC ensures that your company data is well protected from unauthorized access and use.