In this situation, when logged in as root, the umask is set to 0022. So, the default file creation umask for a logged in user would be okay.
However, the TIM process runs as a daemon which is not owned by any logged in user.
For daemon processes, there is another file which can be modified to set a different default umask for processes running as a daemon.
In this case, the umask had been manually modified for daemon processes as follows:
A umask of 027 results in file permissions of:
Which are readable only by the daemon process owner and users who are members of the daemon process owner's group.