Security at SurveySparrow
As an omnichannel experience management platform, SurveySparrow strongly believes in the power of better experiences and enables businesses of all sizes and industries to refine their customer, employee & product experiences using a single system.
Considering that SurveySparrow enables a range of mission-critical and sensitive use cases for our customers, we treat privacy and data protection as core functions of our platform and of new feature development. We hold ourselves to the highest security standards without compromise.
SOC 2 Type II
Put forth by the American Institute of Certified Public Accountants (AICPA), SOC 2 Type II is a comprehensive reporting framework that defines and outlines criteria to manage customer data based on five “trust service principles” - processing integrity, availability, privacy, security, and confidentiality. SOC 2 ensures secure management of data entrusted by SurveySparrow’s customers to protect their privacy and interests.
ISO/IEC 27001
ISO/IEC 27001:2022 is an internationally recognised standard for implementing an Information Security Management System (ISMS), ensuring the confidentiality, integrity & availability of information within the organisation.
HIPAA
HIPAA is federal legislation that provides data privacy & security provisions for safeguarding Personal Health Information (PHI) held or transmitted by Covered Entities/Business Associates.
GDPR
GDPR is the stringent European Union (EU) data protection law that sets standards for organisations to collect, process, or store information on EU individuals/Data Subjects.
Microsoft 365
Experience the power of seamless integration with SurveySparrow. Our certification with Microsoft 365 assures that we meet the highest standards of security, compliance, and compatibility, providing you with a reliable and efficient platform to build and distribute surveys.
CCPA
CCPA is landmark legislation that enhances the data privacy rights of California residents, giving them control over the personal data collected, processed and/or disclosed by businesses.
- Data Security
- Physical Security
- Application Security
- Network Security
- Operational Security
- How to report an issue
Data Security
SurveySparrow manages the security of its application and customers' data. However, provisioning and access management of individual accounts is at the discretion of individual account owners.
Changes to the application, web content, infrastructure and deployment processes are documented as part of an internal change control process. The security review makes it mandatory that each version should be compliant with the company's internal ISMS policies.
Physical Security
SurveySparrow's development center in Cochin is under 24x7 protection by Government security, at both premises level and floor level to ensure that only authorized individuals have access to the building and the SurveySparrow office. Barriers and guards secure the building's premises. The floor level is equipped with security guards and biometric readers to authorize the entry of individuals. Employees are granted office access only after authorization using government-issued IDs. Critical locations in the office are available only to authorized individuals.
Application Security
All of SurveySparrow's products are hosted on Amazon Web Services. The infrastructure for application servers and databases is managed and maintained by the cloud service provider. At SurveySparrow, we employ a multifaceted approach to application security to ensure that every process from engineering to deployment, including quality assurance and architecture, adheres to our highest standards of safety.
Network Security
In this section, network security is discussed in detail from the development center's perspective and the network where the application is hosted.
SurveySparrow's office network where updates are developed, deployed, monitored and managed is secured by antivirus software and industry-grade firewalls, to provide active alerts in the event of a threat or incident and to protect internal information systems from intrusion. Firewall logs are stored and reviewed at regular intervals. Access to the production environment is via SSH and remote access is possible only through the office network. Audit logs are generated for each remote user session and reviewed. Also, access to production systems is always through a multi-factor authentication mechanism.
Operational Security
SurveySparrow understands that formal procedures, controls and well-defined responsibilities need to be in place to ensure continued data security and integrity. The company has transparent change management processes, fallback mechanisms and logging and monitoring procedures which have been put in place as part of its operational security instructions. An information security committee is present to oversee and approve organization-wide security policies.
How to report an issue
If you believe you've discovered a security-related issue, please report the issue at security@surveysparrow.com. Please feel free to reach out at the same address to clarify any queries.