Data Security

SurveySparrow manages the security of its application and customers' data. However, provisioning and access management of individual account is at the discretion of individual account owners.

Changes to the application, web content, infrastructure and deployment processes are documented as part of an internal change control process. The security review makes it mandatory that each version should be compliant with the company's internal ISMS policies.

Physical Security

SurveySparrow's development center in Cochin is under 24x7 protection by Government security, at both premises level and floor level to ensure that only authorized individuals have access to the building and the SurveySparrow office. Barriers and guards secure the building's premises. The floor level is equipped with security guards and biometric readers to authorize the entry of individuals. Employees are granted office access only after authorization using government-issued IDs. Critical locations in the office are available only to authorized individuals.

Documents of high importance are stored in cabinets that are only accessible to authorized individuals.

Application Security

All of SurveySparrow's products are hosted on Amazon Web Services. The infrastructure for application servers and databases is managed and maintained by the cloud service provider. At SurveySparrow, we employ a multifaceted approach to application security, to ensure that every process from engineering to deployment, including quality assurance and architecture adheres to our highest standards of safety.

Network Security

In this section, network security is discussed in detail from the development center's perspective and the network where the application is hosted.

SurveySparrow's office network where updates are developed, deployed, monitored and managed is secured by antivirus software and industry-grade firewalls, to provide active alerts in the event of a threat or incident and to protect internal information systems from intrusion. Firewall logs are stored and reviewed at regular intervals. Access to the production environment is via SSH and remote access is possible only through the office network.

Operational Security

SurveySparrow understands that formal procedures, controls and well-defined responsibilities need to be in place to ensure continued data security and integrity. The company has transparent change management processes, fallback mechanisms and logging and monitoring procedures which have been put in place as part of its operational security instructions. An information security committee is present to oversee and approve organization-wide security policies.

Operational security begins right from recruiting an engineer to training and auditing their work products. We perform standard background verification checks (including verification of academic records) on all new employees.

How to report an issue

If you believe you've discovered a security-related issue, please report the
issue at security@surveysparrow.com. Please feel free to reach out at the
same address to clarify any queries.