ℹ️ AWS Compliance Programs such as ISO 27001 and SOC 2 ensure the security of our infrastructure.
Development and maintenance of our product is ISO 27001 certified as well.
Survicate is hosted on the AWS cloud in Ireland.
We strive to provide our customers with solutions that help them safeguard their accounts against data breach and unwarranted interference.
In this article, you'll learn:
how we process payments;
what the possible user roles are;
how to enable two-factor authentication (2FA) on your account;
and more about:
Survicate's data encryption;
our backups policy;
network and servers security;
workstation security;
monitoring, logging, and alerting.
Payment processing
At Survicate, credit card data security is of crucial importance. For that reason, we use Braintree to handle credit card information securely. We use Recurly to manage the customer's subscription and billing information. Both Braintree and Recurly are Validated Level 1 PCI DSS Compliant Service Providers.
ℹ️ Learn more about Braintree security practices.
User roles management
Survicate segments the Survicate Panel into different areas of access for maximum user control. There are four roles in Survicate, each serving a different purpose. You can be either an organization owner, workspace administrator, user, or guest. Users will not be able to see or access navigation menu items or pages they do not have access to.
Read more on adding and managing users and available user roles here.
Two-factor authentication (2FA)
To add an additional layer of security to your Survicate account, you can turn on two-factor authentication (2FA).
We highly recommend enabling two-factor authentication, which has become a standard method of authentication across the internet, to protect yourself against unauthorized access.
Single Sign-On (SSO)
SAML single sign-on gives organizations a centralized and secure way of controlling access to their accounts. Survicate supports SSO via the SAML 2.0 standard. We have dedicated tutorials for Okta and OneLogin, but it's also possible to integrate with other providers as long as they support SAML 2.0.
Read more on SSO here.
Data encryption
Your data, including respondents' details and survey responses, is secure both at rest and in transit.
Data in transit is protected with HTTPS, and our TLS configuration follows current recommendations.
We allow only TLS version 1.2 or higher to ensure the security and integrity of our communications; older versions such as TLS 1.1 and 1.0 are not permitted.
Our databases and file stores are encrypted at rest. Encryption keys are managed with AWS KMS, a secure and resilient service that protects the keys in hardware security modules validated under FIPS 140-2.
Backups policy
We store our backups in at least three regions located in Ireland. As part of our Disaster Recovery Plan, we've also implemented a process for off-site backups on removable disks. Our backup media is stored in a protected facility separate from our other facilities to mitigate the impact in the event of a disaster.
We have a fixed backup cycle, and we regularly test backups to ensure they work as expected.
All backups, including off-site backups, are encrypted.
Network and servers security
To protect your data, our system is segmented. Development and testing environments are isolated from the production environment. Access to our databases and servers is restricted, and they are securely configured within private subnets.
All public traffic is distributed through load balancers and firewalls. Our High Availability architecture has implemented redundancy, monitoring, and failover to make sure that all systems work properly even if a single component fails.
Workstations security
All workstations given to our personnel are configured to comply with the highest standards of security.
Antimalware, firewall, and device control software is installed on all our workstations.
Full-disk encryption is in place across our laptop fleet. We do not allow access to corporate information from unencrypted devices such as mobile phones or tablets.
Monitoring, logging, and alerting
We have comprehensive logging, including security events, in place for all the relevant services. We regularly review the logs and retain event logs for at least one year should we need to investigate a security incident.
Learn more
Check the Legal & Security section to learn about what makes us GDPR compliant.
If you encounter any security-related issues such as phishing, please reach out to us at security@survicate.com. For other inquiries, please contact our team at support@survicate.com, or strike up a chat conversation.