Security policy
Updated January 2024
Surveypal Commitment to Security
- Surveypal is in the business of providing customers with efficient and secure customer feedback solutions.
- Surveypal continuously works on implementing accepted industry practices to protect customers’ data and the Surveypal service against security threats and malicious actors.
- Surveypal continuously analyses security risks and decides which risks require mitigation actions and which risks can be accepted.
- Surveypal continuously improves the resilience of its IT infrastructure by using accepted industry practices to implement secure and resilient cloud-based solutions.
- Surveypal continuously improves its processes to respond to and recover from incidents and unforeseen changes in the environment.
- Surveypal continuously improves its security solutions – the whole organisation is committed to the continuous improvement of security.
Surveypal Information Security Management System (ISMS)
- Roles and responsibilities of information security shall be defined and communicated to the whole organisation.
  - The Surveypal management team has the responsibility for establishing and managing security
  - One member of the management team is named as Chief Security Officer, who is responsible for the information security risk analysis and for the continuous improvement of information security controls
- Business requirements for availability and integrity shall be met
  - Surveypal IT infrastructure is protected against attacks
  - Surveypal continuously improves secure and resilient infrastructure
- Confidentiality of information is protected
  - Access to information is controlled with accepted industry practices
  - Encryption is used to protect sensitive data at rest and data in transit
Security and Privacy Governance
- To guarantee the continuous improvement of security, Surveypal has implemented an Information Security Management System (ISMS) in line with the ISO27001 standards.
- Surveypal’s ISMS implementation covers the entire operations of the company.
- Surveypal has implemented a security governance process, which sets the information security objectives to protect the confidentiality, integrity, and availability of the company’s business operations and decides the best methods to achieve the objectives.
- Surveypal continuously analyses security risks and decides which risks require mitigation actions.
- To mitigate information security risks, Surveypal has implemented information security controls according to accepted industry best practices.
- Surveypal maintains a security awareness training program for employees and sub-contractors
Identity and Access Management
- Surveypal manages and stores customers’ user credentials in a secure way
- Digital identities of Surveypal employees and sub-contractors are created and removed in a controlled and secure way
- Surveypal uses accepted industry practices to manage the online authentication of its own employees and sub-contractors
- Authorisations are based on work duties, and the principle of least privilege is used
Security Incident Handling
- Surveypal has implemented a security incident handling process as part of its customer support processes
- If the investigation of a potential security incident leads to the conclusion that the incident must be treated as a security incident, the process includes the following mandatory steps:
  - If any customer data has been involved, the affected customers will be informed
  - In case of a data breach, Surveypal will also inform relevant local authorities if required
Secure Technology Platform
- The Surveypal service is developed and managed in a secure cloud environment, which enables fast and efficient disaster recovery
- Surveypal manages backups of customers’ data according to accepted industry practices
- Surveypal manages the set-up of software assets and databases securely and according to accepted industry practices
- Surveypal uses encryption to protect sensitive data at rest and in motion
- Surveypal manages security patching and software upgrades of the service implementation in a systematic and timely manner.
- Surveypal continuously improves its security testing practices towards accepted industry practices – this includes periodic vulnerability scans and continuous security testing
- Surveypal manages endpoint security of laptops and mobile phones according to accepted industry standards – this includes secure asset management and anti-virus solutions.