Security policy
Surveypal Commitment to Security
- Surveypal is in the business of providing customers with efficient and secure customer feedback solutions.
- Surveypal continuously works on implementing accepted industry practices to protect customers’ data and Surveypal service against security threats and malicious actors.
- Surveypal continuously analyses security risks and decides which risks require mitigation actions and which risks can be accepted.
- Surveypal continuously improves the resilience of its IT infrastructure by using accepted industry practices to implement secure and resilient cloud-based solutions.
- Surveypal continuously improves its processes to respond to and recover from incidents and unforeseen changes in the environment.
- Surveypal continuously improves its security solutions – the whole organisation is committed to the continuous improvement of security.
Information Security Objectives
- Roles and responsibilities of information security shall be defined and communicated to the whole organisation.
  - Surveypal management team has the responsibility for establishing and managing security
  - One member of the management team is named as Chief Security Officer, who is responsible for the information security risk analysis and for the continuous improvement of information security controls
- Business requirements for availability and integrity shall be met
  - Surveypal IT infrastructure is protected against attacks
  - Surveypal continuously improves secure and resilient infrastructure
- Confidentiality of information is protected
  - Access to information is controlled with accepted industry practices
  - Encryption is used to protect sensitive data at rest and data in transit
Security and Privacy Governance
- Surveypal maintains an information security program that is in line with accepted industry practices
- Surveypal takes responsibility for all systems that it uses to store, process, or transmit customers’ data
- Surveypal will store customer data only for reasons that are required to fulfil the obligations of offering Surveypal service and manage it in a secure way
- Surveypal implements and maintains security controls designed to protect the confidentiality, integrity, and availability of customers’ data and Surveypal service
- Surveypal maintains a security awareness training program for employees and sub-contractors
Identity and Access Management
- Surveypal manages and stores customers’ user credentials in a secure way
- Surveypal uses accepted industry practices to manage the online authentication of its own employees and sub-contractors
- Digital identities of Surveypal employees and sub-contractors are created and removed in a controlled and secure way
- Authorizations are based on work duties, and the principle of least privilege is used
- Surveypal uses segregation of duties, where practically applicable
Security Incident Handling
- Surveypal has implemented a security incident handling process as part of customer support processes
- If the investigation of a potential security incident leads to the conclusion that the incident must be treated as a security incident, the process includes the following mandatory steps:
  - If any customer data has been involved, the affected customers will be informed
  - In case of a data breach, Surveypal will also inform relevant local authorities if required
Secure Technology Platform
- Surveypal service is developed and managed in a secure cloud environment, which enables fast and efficient disaster recovery
- Surveypal continuously improves its security testing practices towards accepted industry practices – this includes periodic vulnerability scans and use of third-party audits and penetration tests
- Surveypal manages the set-up of software assets and databases securely and according to accepted industry practices
- Surveypal uses encryption to protect sensitive data at rest and in transit
- Surveypal manages security patching and software upgrades of the service implementation in a systematic and timely manner.
- Surveypal manages backups of customers’ data according to accepted industry practices.
- Surveypal manages endpoint security of laptops and mobile phones according to accepted industry standards – this includes secure asset management and anti-virus solutions.