System Security, Performance and Reliability Statement

SurveyShack’s systems are housed in a state-of-the-art data centre on the main backbone of the Internet. Strategically located, the data centre has multiple, redundant Internet carriers, backup power facilities, security and more. Our applications run 24 hours per day and are monitored by experienced engineers. All of this ensures that the applications are always ready when you are, and working, even when you're not.

Should any security issue be identified, SurveyShack has the ability to immediately disable or shut down parts or all of the application online. Automated monitoring and correction systems are in use 24/7, and IT staff are alerted by email, pager and text when resolution requires intervention.

Security

Physical Security

The SurveyShack server farm is hosted with a leading UK host in a locked cage-type environment where access to the server is restricted by secure appointment and photo ID security card access.

Network Security

All network components and servers are monitored 24 hours a day, 7 days a week by qualified network engineers, which means that reaction times to issues are as fast as they possibly can be.

The network is appropriately protected by firewall technology, and all SurveyShack members can choose to have all traffic to our server authenticated by cryptographic technology by means of SSL with 128-bit encryption (High); RSA with 1024-bit exchange.

Host Security

Hosting is on a Unix platform which has been hardened against attack by the following means:
Web Security

The SurveyShack.com application is written in a combination of ModPerl and JavaScript, and data is stored and managed in a secure and robust Sybase database.

Scripts can only be run outside the web root, data in the database is stored in an encrypted format, and is protected by a strong password which conforms to our password rules above.

SurveyShack.com undertakes the following security Quality Assurance testing for the application on a monthly basis:
SurveyShack.com conducts monthly web code reviews, including CGI and JavaScript reviews, for the explicit purpose of finding and remedying security vulnerabilities.

Intrusion protection

Intrusion detection systems automatically protect against attacks and all other suspicious activities.

Traffic is automatically blocked from any sources that show unusual behaviour patterns or exceed certain thresholds. All suspicious events are logged and IT staff notified. Multiple levels of firewall control are in place.

Performance and Reliability

Security is only one aspect of the robustness of a system. The most secure server is of no use if it's inaccessible half the time or too slow. SurveyShack treats reliability as being as important as security; both are always a top priority and are constantly monitored.

SurveyShack’s farm of servers is managed by redundant load-balancing front-end routers which distribute traffic across the farm to ensure that no server is overloaded. The basic architecture includes:
Electrical Power

Power to the servers is routed through lightning protection, a generator able to power the entire server centre and redundant UPSs before getting to the servers. This ensures that all power to the servers is supplied at a smooth rate and that sufficient, clean power can be maintained for an indefinite period of time, even in an extended power failure.

Fire Protection

The server room is airtight and kept clean and cool to minimise the risk of fire.

A state-of-the-art Fire Suppression System is in place and, should a fire break out in the server room, gas is released to extinguish the fire. The gas is heavier than oxygen and therefore displaces it from the room and extinguishes the fire within seconds.

The Bottom Line

The bottom line is that SurveyShack are serious about security and reliability. We realize that there are no excuses and no shortcuts when it comes to these two issues.

We see this as a continual, daily process to monitor and change with new threats and issues relating to security and reliability, to ensure the long-term relationships we desire with all of our clients. If you have any questions or comments about security or reliability, please contact us.


