Survicate is hosted on the AWS cloud in Ireland.
โน๏ธ AWS Compliance Programs such as ISO 27001 or SOC 2 ensure the security of our infrastructure.
Read on to learn about:
Survicate's data encryption;
our backups policy;
network and servers security;
workstation security;
monitoring, logging, and alerting.
Data encryption
Your data, including respondents' details and survey responses, is secure both at rest and in transit.
We use the HTTPS protocol in transit to protect your data. Our TLS/SSL setup follows the latest recommendations.
Our databases and file stores are encrypted. We use AWS KMS which is a secure and resilient service that employs hardware security modules. They have been validated under FIPS 140-2, or are in the process of being validated, to protect our encryption keys.
Backups policy
We store our backups in at least three regions located in Ireland. As a part of our Disaster Recovery Plan, we've also implemented the process for off-site backups on removable disks. Our backup media is stored in a protected facility elsewhere than other facilities to mitigate the impact in the event of a disaster.
We have a fixed backup cycle, and we regularly test backups to ensure they work as expected.
All backups, including off-site backups, are encrypted.
Network and servers security
To protect your data, we've divided our system. Development and testing environments are isolated from the production environment. Access to our databases and servers is restricted and securely configured within private subnets.
All public traffic is distributed through load balancers and firewalls. Our High Availability architecture has implemented redundancy, monitoring, and failover to make sure that all systems work properly even if a single component fails.
Workstations security
All workstations given to our personnel are configured in such a way as to comply with the highest standards of security.
We have an antimalware, firewall, and device control software installed on all our workstations.
We use full-disk encryption in place for our laptop fleet. We do not allow access to corporate information from unencrypted devices such as mobile phones or tablets.
Monitoring, logging, and alerting
We have comprehensive logging, including security events, in place for all the relevant services. We regularly review the logs and retain event logs for at least one year should we need to investigate a security incident.
Learn more
๐ Check the Legal & Security section to learn about Survicate's Application security, Infrastructure security, and what makes us GDPR compliant.
๐ฌ If you encounter any security-related issues such as phishing, please reach out to us at security@survicate.com. For other inquiries, please contact our team at support@survicate.com, or strike up a chat conversation ๐.