How SurveyGizmo Safeguards Your Data

While SurveyGizmo provides an incredibly easy-to-use platform allowing users to collect all types of data from all types of sources, we also provide a powerful set of controls and tools to ensure your data is protected. We work with some of the world’s top brands across all industries, and we deploy industry-leading controls so your data is protected.

We fully understand that together, we all bear responsibility for the data our customers share with us, so we don’t stop at just meeting the minimums that legislation demands. As a global provider of surveys and software, doing the right thing with data security and privacy is our bedrock.

Completely GDPR Compliant

SurveyGizmo has taken GDPR compliance as the benchmark for protecting all of our customers’ and respondents’ privacy, regardless of where they are.

2020欧洲杯体育投注网址We provide a GDPR Command Center with educational materials that are constantly updated, as new information, practices, and requirements become public. [DR1] All our customers have 24/7/365 access to a standard Data Processing Addendum (DPA). The DPA is a contractual agreement between our customers and SurveyGizmo to ensure we handle and process data as directed by our customers at all times. In addition, all of our employees receive GDPR training led by our own GDPR-certified Privacy Foundations and Practitioner.

2020欧洲杯体育投注网址SurveyGizmo has a GDPR-compliant data center in Germany to ensure customers who use our European-based datacenter will not have their respondent data transferred to the U.S. without their approval. Our other two data centers in Canada and the USA are also GDPR compliant, and our membership in Privacy Shield means customers can transfer data to our servers outside the EU with assurance it will be as protected as it is in the EU with the same rights to privacy.

2020欧洲杯体育投注网址Thanks to our advanced privacy notice and opt-in consent process, SurveyGizmo customers can use our platform to help them comply with GDPR requirements. Account administrators can easily include necessary consents within their surveys. In the event a customer of SurveyGizmo needs to retrieve the respondents’ consent, this is easily done via the platform through the account administrator. 

We make it easy for an organization to deploy data privacy disclosures and opt-in statements across their surveys throughout their organization. We also enable customers to configure a data retention policy, easily, and we will automatically purge their data based on the retention rules the customer defines.

Secure Application and Data Architecture

2020欧洲杯体育投注网址Through Amazon Web Services (AWS), we have a fault-tolerant, highly available, and scalable infrastructure. We employ web application firewalls and load balancers to protect against intrusion and surges in traffic volume. We are committed to providing a 99.9% uptime for survey takers and application users.

We utilize a Virtual Private Cloud (VPC) and also create separate network segments using AWS Security Groups, which are the equivalent of firewall rules. There are separate security groups for the different tiers of the application which restrict access on a need-to-have, least-privilege basis.

2020欧洲杯体育投注网址In addition, SurveyGizmo leverages global infrastructure from AWS to better serve our customers. As a SurveyGizmo customer, you choose where your data resides, and your data remains in that data center, unless you export it or request a move from our Customer Support Team.

Focused on Data Security

SurveyGizmo performed a SOC2 Type I audit in 2019 with the purpose of building a mature, continuous monitoring program to immediately start a SOC2 Type II certification in 2020 and every year thereafter. SurveyGizmo employs a full-time dedicated cybersecurity professional who specializes in building, implementing, and maintaining robust cybersecurity frameworks with experience with the DoD, DoE, Higher Education, and other public and private sector organizations.

The company also works with an external third-party to perform annual penetration tests (pen tests) on our application and network. In addition, regularly test and scan the application and network to look for vulnerabilities.

Our mature Vulnerability Management program includes scanning tools, real-time alerting, and regular Vulnerability Management team meetings, which feeds into our Enterprise Risk Management Program.

2020欧洲杯体育投注网址SurveyGizmo is proud we do not just comply with standards and certifications; we see those standards as the foundation upon which we build our information security practice. So you know your data is safe.

Infrastructure Architecture and Controls

Infrastructure Architecture and Controls

Built on AWS, following best-practices architecture

Redundant server infrastructure spanning multiple availability zones

Automated infrastructure scaling

Federated multi-tenant databases

Anti-virus and malware detection

Web filtering

2020欧洲杯体育投注网址Web Application Firewalls (WAF)

2020欧洲杯体育投注网址Stateful packet inspection via firewalls

Dedicated encrypted database instances

Full disk encryption on all office information systems

2020欧洲杯体育投注网址Databases and backups are encrypted with AES-256

Databases backups are performed every hour and are retained for 90 days

Quarterly mock recovery tests to ensure backup integrity

2020欧洲杯体育投注网址Network Segmentation with DMZs, VPCs, IPSec Tunnels

All privileged user accounts require multi-factor authentication (MFA)

Secure data deletion process

2020欧洲杯体育投注网址Centralized logging

2020欧洲杯体育投注网址Centralized monitoring

Centralized configuration management

24×7 monitoring and support to respond to incidents

2020欧洲杯体育投注网址Production servers are frequently patched to ensure their security is always up to date

All application traffic encrypted with SSL (TLS 1.2)

2020欧洲杯体育投注网址Password complexity and re-use rules enforced across all tiers

2020欧洲杯体育投注网址Passwords changed at least every 90 days

2020欧洲杯体育投注网址Office physical security controls (badges, cameras, alarm)

Application-Level Security Features and Controls

Team-based and Role-based permissions to manage access within SurveyGizmo

Single Sign-On (SSO) using SAML 2.0

Ability to enforce Multifactor Authentication (MFA) with TOTP or SMS

Customizable survey restrictions in multi-user accounts

2020欧洲杯体育投注网址Row level data encryption features

Data Retention Policy (DRP) features

2020欧洲杯体育投注网址User access logs to record all logins to your SurveyGizmo account

API access permission controls

Account password restrictions

2020欧洲杯体育投注网址Create a Privacy / Data Use Policy for your Surveys

2020欧洲杯体育投注网址Create an Anonymous Survey

2020欧洲杯体育投注网址Control SurveyGizmo Support’s access to your account

Permanently delete data

Standard Operating Procedures

Annual Risk Assessment

2020欧洲杯体育投注网址Annual Business Continuity / Disaster Recovery exercises

Ongoing application vulnerability scans via WhiteHat and BURP Suite

Ongoing infrastructure vulnerability scans via Tenable

Working with 3rd party security analysts / testers

Weekly incident review meeting
Security and risk assessments integrated into SDLC

2020欧洲杯体育投注网址Separation of duties / responsibilities

2020欧洲杯体育投注网址Incident response team and process

2020欧洲杯体育投注网址Principle of Least Privileged Access practices

Documented change review process and approval for all production changes

Documented escalation and incident handling processes

2020欧洲杯体育投注网址Version control

Restricted, automated software release processes

24×7 abuse report process

Company-wide mandatory security training program

Background checks for all employees

2020欧洲杯体育投注网址HR policies in place around acceptable use, NDA, and customer account access

No third-party contractor access to production data or infrastructure

2020欧洲杯体育投注网址Inventory management process for all technology assets

Put your feedback in motion

Start a free 7-day trial or speak with a member of our sales team.

start a free trial