
System Security, Performance and Reliability Statement

SurveyShack’s online survey systems are housed in a state-of-the-art data centre on the main backbone of the Internet. Strategically located, the data centre has multiple, redundant Internet carriers, backup power facilities, security and more.

Our applications run 24 hours per day and are monitored by experienced engineers. All of this ensures that the applications are always ready when you are, and working, even when you're not.

Should any security issue be identified, SurveyShack has the ability to immediately disable or shut down part or all of the online application. Automated monitoring and correction systems are in use 24/7, and IT staff are alerted by email, pager and text when resolution requires intervention.

Security

Physical Security

The SurveyShack server farm is hosted with a leading UK host in a locked cage-type environment where access to the server is restricted by secure appointment and photo ID security card access.

Network Security

All network components and servers are monitored 24 hours a day, 7 days a week by qualified network engineers, which means that reaction times to issues are as fast as they possibly can be.

The network is appropriately protected by firewall technology, and all SurveyShack members can choose to have all traffic to our server authenticated by cryptographic technology by means of SSL with 128-bit encryption (High); RSA with 1024-bit exchange.

Host Security

Hosting is on a Unix platform which has been hardened against attack by the following means:
  • All currently available patches for OS, web servers and databases are applied as soon as they are released.
  • Passwords for access to the server must follow these rules:
    • Must be a minimum of 8 characters long
    • Must have at least 1 English Capital Letter, 1 English Lower Case Letter, 1 Number and 1 Alpha-Numeric or “special” character.
    • May not contain any full part of any employee's email address or full name
    • Must be changed at least every 45 days
    • Must not be the same as any of the past eight passwords used
    • Must not contain any common word in the dictionary or slang

Web Security

The SurveyShack.com application is written in a combination of ModPerl and JavaScript, and data is stored and managed in a secure and robust Sybase database.

Scripts can only be run outside the web root. Data in the database is stored in an encrypted format and is protected by a strong password which conforms to our password rules above.

SurveyShack.com undertakes the following security Quality Assurance testing for the application on a monthly basis:
  • testing of authentication
  • testing of authorisation
  • testing accounting functions
  • other activities which would validate the security architecture

SurveyShack.com conducts monthly web code reviews, including CGI and JavaScript reviews, for the explicit purpose of finding and remedying security vulnerabilities.

Intrusion protection

Intrusion detection systems automatically protect against attacks and all other suspicious activities.

Traffic is automatically blocked from any sources that show unusual behaviour patterns or exceed certain thresholds.

All suspicious events are logged and IT staff notified.

Multiple levels of firewall control are in place.

Performance and Reliability

Security is only one aspect of the robustness of a system. The most secure server is of no use if it's inaccessible half the time or too slow. SurveyShack treats reliability as equally important as security; both are always a top priority and are constantly monitored.

SurveyShack’s farm of servers is managed by redundant load-balancing front-end routers which distribute traffic across the farm to ensure that no server is overloaded.

The basic architecture includes:
  • Fully-redundant routers, switches, and firewalls
  • Industry RAID systems
  • Automated back-ups stored on and off site
  • Multiple points of access to major UK Internet backbones
  • Battery and diesel-generated power backup
  • Raised floor facilities
  • Sophisticated fire suppression system

Electrical Power

Power to the servers is routed through lightning protection, a generator able to power the entire server centre and redundant UPSs before getting to the servers. This ensures that all power to the servers is supplied at a smooth rate and also ensures that sufficient and clean power can be maintained for an indefinite period of time even in an extended power failure.

Fire Protection

The server room is airtight and kept clean and cool to minimise the risk of fire.

A state-of-the-art Fire Suppression System is in place and, should a fire break out in the server room, gas is released to extinguish the fire. The gas is heavier than oxygen and therefore displaces it from the room and extinguishes the fire within seconds.

System and Data Back-Up

SurveyShack maintains multiple back-ups of all code, HTML and databases. The first level of backup is in the form of RAID disk sets for immediate protection. The second level of backup is in the form of 3 sets of copies of all files and database data, one on-site and 2 off-site (one in a different country). In the worst case, disaster recovery will take up to 1 hour to re-build all systems in a different location to our main hosting solution. In the best case, restoration is immediate without any downtime.

System Upgrades

The SurveyShack system is under constant development and all upgrades and enhancements are instantly available to all users once deployed. This is provided at no extra cost to users as part of the annual service charge and means no effort is required by users to ensure they always have access to the latest features and most up-to-date system. Any system improvements and added features/functionality are uploaded and described in the online user manual at the time of deployment.

Uptime

SurveyShack has multiple instances of all systems, which means that if one system has an issue, the backup system will come online to allow engineers ample time to fix whatever issues may have occurred. Our industry standard 99.6% guaranteed uptime has always been achieved and currently sits at 99.9%. Our systems have in-built monitoring to alert engineers immediately when any of our systems go offline, at which point up to 3 engineers will be sent an alert by text and email to alert them of the issue. With 24/7 monitoring in this way, we rarely have any downtime. Any issues are covered by backup systems, allowing ample time for rectification while customers experience the minimum possible downtime, if any at all.

System and User Support

All technical support requests, whether received by email or telephone, are attended to immediately by SurveyShack’s helpline support staff. In the rare event that they are unable to meet the client’s needs, the issue is immediately referred to the technical support team who attend to all client-based enquiries as a matter of first priority.

Where necessary, they may liaise directly with the customer to ensure the most efficient communication is achieved and the matter resolved in the shortest possible timeframe.

Ownership of Data

All data acquired by the system remains the exclusive property of The Client and is available to The Client at any time.

Quality / Professional Bodies

SurveyShack is a registered Data Controller under the Data Protection Act 1998 and as such is legally bound to meet all requirements, as defined by the Act.

SurveyShack also holds a fully paid-up Company Partner Membership of the MRS (the Market Research Society, www.mrs.org.uk) and as such is bound by the MRS code of ethics.

 

The Bottom Line

The bottom line is that SurveyShack are serious about security and reliability. We realize that there are no excuses and no shortcuts when it comes to these two issues.

We see this as a continual, daily process to monitor and change with new threats and issues relating to security and reliability to ensure the long-term relationships we desire with all of our clients.

If you have any questions or comments about security or reliability, please contact us.