SmartSurvey will not, under any circumstances, use the information collected from our members' surveys in any way. In addition, any other material you provide us (including images, email addresses, etc.) will be held in the strictest confidence. All data is stored on our UK/EU-based servers. We will not collect personally identifiable information about you except when you provide this information to us on a voluntary basis. We will make every effort to ensure that all information you provide is maintained in a secure environment.
SmartSurvey is ISO27001 certified and fully compliant with the internationally recognised standard for the information security management system (ISMS). The standard requires systematic examination of any risks to information security, with comprehensive policies to manage those risks put in place. By continuously updating our data security policies we ensure that we are a proactive organisation, not a reactive one.
Accredited certification to ISO27001 validates that we are following international information security best practices. This demonstrates to our customers worldwide that we take the security of their data very seriously. Certification to ISO27001 ensures that all our client’s information is kept secure and shows our ongoing commitment to delivering an exceptional service.
What is Cyber Security?
With the rapid development in technology, cyber security is critical for the safeguarding of your data. At SmartSurvey we recognise the importance of protecting systems, networks and data in cyber space and are proud to be fully Cyber Essentials Plus certified.
The Cyber Essentials Plus Scheme
Developed by the UK Government, the Cyber Essentials scheme, has been designed to prevent the most prevalent forms of cyber attacks. The Cyber Essentials Plus scheme provides a higher level of assurance, tested by a qualified and independent assessor who simulates basic hacking and phishing attacks and is now a minimum requirement for bidding for some government contracts.
5 key controls required help to protect against internet-based attacks:
- Secure configuration
- Boundary firewalls and Internet gateways
- Access controls and administrative privilege management
- Patch management
- Malware protection
Access control for surveys
Respondents' access to surveys can be controlled by password and username protection. This feature ensures only a certain group of individuals chosen by you, the Administrator, are able to take the survey.
Our firewall is set up as a separate machine that acts as a gateway for access to all other servers in our system. This firewall is designed to prevent hackers from entering the system and searching files and information. The firewall acts as a barrier so that we only have a single point of entry to our system, which is through the web browser. All of our internal databases and applications are shielded from any access outside the firewall.
Specific data items
Individual data items are not encrypted, however, they are keyed to the survey owner's email and password. We implement extensive checks so that access to each individual data item (and all computation requests) require confirmation of correct email and password.
SmartSurvey is tested and certified daily to pass the McAfee Secure Security Scan. To help address concerns about hacker access to confidential data, the "live" McAfee Secure mark appears only when a website meets the McAfee Secure standards. Research indicates sites remotely scanned for known vulnerabilities on a daily basis, such as those earning McAfee Secure certification, can prevent over 99% of hacker crime.
This website takes every precaution to protect our users' information. When users submit sensitive information via the website, their information is protected both online and offline.
When our registration or payment form asks users to enter sensitive information, such as a credit card number, that information is encrypted and is protected with the best encryption software in the industry - SSL.
While on a secure page, such as our registration or payment form, the lock icon displayed on your web browser becomes locked, as opposed to un-locked (or open) when users are just 'surfing'. While we use SSL encryption to protect sensitive information online, we also do everything in our power to protect user information offline. All of our users' information, not just the sensitive information mentioned above, is restricted in our offices. Only employees who need the information to perform a specific job are granted access to personally identifiable information.
Furthermore, all employees are kept up-to-date on our security and privacy practices every quarter, as well as any time new policies are added. Our employees are notified and/or reminded about the importance we place on privacy and what they can do to ensure our users' information is protected. Finally, the UK/EU-based servers that store personally identifiable information are in a secure environment, in a locked facility. If users have any questions about the security policies and processes in place, users can send an email to email@example.com.