TSIA Benchmarking Data Protection Measures
TSIA conducts primary research studies throughout the year in each of its Research Areas. These studies, collectively called “Performance Optimizer” and “benchmarking,” include the core Performance Optimizer Benchmark Study in each Area; Multi-Member Studies, such as the PS Market Rates Study; and topic-specific studies that may be added to the Research Area calendars.
In addition to the several layers of security afforded all member companies confidential information and Personally Identifiable Information (PII) handled by TSIA (see “Information Security Measures”), the following measures are enforced with specific regard to benchmarking data:
Technology
There are three technologies employed in TSIA benchmarking: collection (Alchemer); ETL (Alteryx); and visualization (Tableau).
a. Hosting for the collection technology resides in Alchemer’s cloud data centers.
b. Hosting for the ETL technology resides on theTSIA corporate network.
c. Hosting for the visualization technology resides in Tableau’s cloud data centers.
See technology supplier websites for information security-related documentation.
Encryption
All benchmarking data is encrypted from the point of collection through to transmission and storage:
a. HTTPS and Secure Socket Layer (SSL) at the enduser data collection interface
b. 256-bit encryption for data at rest
c. Technology suppliers’ HTTPS REST API for data transfer
Access
Only TSIA Research Executives and members of the TSIA Data Analytics Team have access to non-aggregated benchmarking data. Access to collection, ETL, and visualization technologies is controlled by one member of the Data Analytics Team. User accounts are deleted upon employee termination. All internal TSIA emails pertaining to a member company’s benchmarking response refer to alphanumeric codes instead of member company names; actual member company names are never mentioned in emails. All TSIA employees are bound by the company’s agreements and restrictions on the handling of member confidential data.
Aggregation
Depending on the study, benchmarking data can be aggregated at the total study level and at “industry” and “peer group” levels. The minimum number of data points reported out as an aggregate number at the industry level is nine (9), and at the peer group level is six (6). Benchmarking data points that do not meet these minimums are reported as “Not Enough Data” (NED).
Transmission
To ensure that benchmarking data is not shared with the wrong party, all benchmarking materials are securely delivered to the member company’s Primary Response Editor using password-protected links via TSIA’s instance of Salesforce:
a. Performance Optimizer benchmarking readout materials are uploaded to a proprietary Secure File System (SFS) inside TSIA’s Salesforce instance.
b. Salesforce generates a unique SFS sharing link, which is assigned and emailed to the member company’s Primary Response Editor.
c. The Primary Response editor must then pass an email validation test before receiving a one-time code (OTC) that provides access to the SFS.
If another employee from a participating member company requests information about the benchmarking results, the Primary Response Editor must provide written authorization.
Retention
Performance Optimizer benchmark data is retained for 48 months from the collection date. Data older than 48 months is flagged inactive and archived from the benchmark database. Inactive/archived data can be restored if needed but is not used for industry or peer comparisons. Inactive/archived data can be expunged upon request by the contributing member company.
Effective Date: February 14, 2025