Security policy

Surveypal Commitment to Security

  • Surveypal is in business of providing customers with efficient and secure customer feed-back solutions.
  • Surveypal continuously works on implementing accepted industry practices to protect customers’ data and Surveypal service against security threats and malicious actors.
  • Surveypal continuously analyses security risks and makes decisions of which risks require mitigation actions and which risks can be accepted.
  • Surveypal continuously improves the resilience of its IT infrastructure by using accepted industry practices to implement secure and resilient cloud-based solutions.
  • Surveypal continuously improves its processes to respond to and to recover from incidents and unforeseen changes in environment.
  • Surveypal continuously improves its security solutions – the whole organisation is committed to the continuous improvement of security.

Information Security Objectives

  • Roles and responsibilities of information security shall be defined and communicated to the whole organisation.
    • Surveypal management team has the responsibility for establishing and managing security
    • One member of the management team is named as Chief Security Officer, who is responsible for the information security risk analysis and for the continuous improvement of information security controls
  • Business requirements for availability and integrity shall be met
    • Surveypal IT infrastructure is protected against attacks
    • Surveypal continuously improves secure and resilient infrastructure
  • Confidentiality of information is protected
    • Access to information is controlled with accepted industry practices
    • Encryption is used to protect sensitive data at rest and data in transit

Security and Privacy Governance

  • Surveypal maintains information security program, which is in line with the accepted industry practices
  • Surveypal takes responsibility of all systems that it uses to store, process, or transmit customers’ data
  • Surveypal will store customer data only for such reasons, which are required to fulfil the obligations of offering Surveypal service and manage it in a secure way
  • Surveypal implements and maintains security controls designed to protect the confidentiality, integrity, and availability of customers’ data and Surveypal service
  • Surveypal maintains security awareness training program for employees and sub-contractors

Identity and Access Management

  • Surveypal manages and stores customers’ user credentials in a secure way
  • Surveypal uses accepted industry practices to manage the online authentication of its own employees and sub-contractors
  • Surveypal employee and sub-contractor digital identity creations and removals are done in a controlled and secure way
  • Authorizations are based on work duties and principle of least privileges is used
  • Surveypal uses segregation of duties, where practically applicable

Security Incident Handling

  • Surveypal has implemented security incident handling process as part of customer support processes
  • If the investigation of a potential security incident leads into a conclusion that the incident must be treated as a security incident, the process includes the following mandatory steps
    • If any customer data has been involved, the affected customers will be informed
    • In case of data breach, Surveypal will also inform relevant local authorities if required

Secure Technology Platform

  • Surveypal service is developed and managed in a secure cloud environment, which enables fast and efficient disaster recovery
  • Surveypal continuously improves its security testing practices towards accepted industry practices – this includes periodic vulnerability scans and use of third-party audits and penetration tests
  • Surveypal manages the set-up of software assets and databases securely and according to accepted industry practices
  • Surveypal uses encryption to protect sensitive data at rest and in transit
  • Surveypal manages security patching and software upgrades of the service implementation in a systematic and timely manner.
  • Surveypal manages backups of customers’ data according to accepted industry practices.
  • Surveypal manages endpoint security of laptops and mobile phones according to accepted industry standards – this includes secure asset management and anti-virus solutions.