EyeQuestion Software is dedicated to protecting all customer data using industry best standards. Our customers demand the highest levels of data security, and have tested our services to verify that they meet their standards. In each case, we have surpassed expectations and received high praise from large international organizations.
EyeQuestion Software’s most important concern is the protection and reliability of customer data. Our servers are protected by high-end firewall systems, and scans are performed regularly to ensure that any vulnerabilities are quickly found and patched. Complete penetration tests are performed yearly. All services have quick failover points and redundant hardware, with complete backups performed nightly. Access to systems is severely restricted to specific individuals, whose access is monitored and audited for compliance.
Customer data is stored in a secure location. In addition, all data is solely processed in that location, and is never moved to another jurisdictional area. In other words, if data is collected in the EU, all data is also processed in the EU.
EyeQuestion Software uses Transport Layer Security (TLS) encryption (also known as HTTPS) for all transmitted data. Our services are hosted by trusted data centers that are independently audited using the industry standard SSAE-16 method.
EyeQuestion Software is ISO 27001:2013 certified and therefore meets or exceeds the minimum requirements outlined in ISO 27001/27002.
Versions 4.11 and higher of the EyeQuestion Suite are fully compatible with and comply with the General Data Protection Regulation (GDPR) requirements.
EyeQuestion Software (Logic8 BV) uses some of the most advanced technology for Internet security that is commercially available today. This Security Statement is aimed at being transparent about our security infrastructure and practices, to help reassure you that your data is appropriately protected.
Server and data security
EyeQuestion runs on a dedicated and fully managed Windows cloud server hosted within a secure state-of-the-art data center run by Rackspace and AWS, the world’s leading hosting companies.
The reason we use Rackspace as our hosting company is that they comply with the most important security certifications and standards.
Options for physical server locations are currently: Dallas (US), London (United Kingdom) and Frankfurt.
The EyeQuestion servers run Windows Server 2016. Physical server security and the security of data are ensured through a number of industry standard safeguards, including:
Physical security of data centre
The Rackspace and AWS data centres hosting the EyeQuestion solutions are fully certified and independently audited. They are secured by card key access and continual surveillance. Specific security initiatives include:
- Staffed 24x7x365 with separate security lobby. Electronic security features with card key access.
- Data centre access limited to Rackspace and AWS approved personnel.
- Security camera monitoring at all data centre locations. CCTV archived video. Alarm systems.
- Unmarked facilities with confidential physical addresses (restricted to authorized Rackspace and AWS personnel).
Rackspace and AWS provide a number of network protection and firewall systems including:
- Redundant Cisco 3-tier LAN Architecture
- Zero-Downtime Network™ guarantee protected by a Cisco ASA 5505 dedicated firewall
- Port Monitoring Service
- Anti-virus protection, with the EyeQuestion servers running the latest versions of ClamWin anti-virus and anti-virus signatures updated daily.
Distributed Denial of Service (DDoS)
Distributed Denial of Service (DDoS) mitigation services based on Rackspace’s proprietary Rackspace PrevenTier™ system.
Hardware availability is ensured through the choice of Rackspace’s and AWS’s world-class data centres with redundant power and HVAC systems, and is covered by a worst-case-scenario 1-hour Hardware Replacement guarantee ensuring that any hardware faults are repaired immediately no matter what time of the day or night they may occur.
There is a 2-hour commencement of onsite data restores in the event of a worst case scenario hardware failure – ensuring that a new server is up and running again with recovered data within 2 hours.
Server availability and performance
In addition to automatic alerts, EyeQuestion staff routinely checks EyeQuestion system status to ensure optimum performance. These checks include web applications, Windows services and the EyeQuestion database integrity.
EyeQuestion uses Rackspace’s Managed Services for Rackspace and AWS, which continuously monitors the availability of all standard ports, CPU, memory and disk space. If any test fails, the 24x7x365 support staff will initiate an automatic restart of the server.
Cloudflare is used to ensure a fast, reliable content delivery network with added CDN, DNS, DDoS protection and security.
Data redundancy, backup and restore
EyeQuestion makes use of the Rackspace and AWS Managed Backup facility. This fully managed nightly backup runs over a dedicated GigE backup network and uses an integrated system of daily and weekly encrypted backups and system images. All daily backups are retained for 30 days, weekly backups for 60 days. System images are created daily and weekly and are retained for 7 days.
Many parts of EyeQuestion’s own disaster recovery plan are also covered by our data centre suppliers, Rackspace and AWS. This includes automatic replacement of faulty hardware, data recovery and restarting of servers by the 24x7x365 support staff at Rackspace and AWS.
The EyeQuestion application is written in Java and runs on Windows and Linux servers, using Apache Tomcat and MySQL.
Systems are installed using patched Operating Systems. All updates are tested prior to installation to ensure full compatibility with the EyeQuestion software.
Handling of Security Breaches
Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if EyeQuestion Software (Logic8 BV) learns of a security breach, we will notify affected users so that they can take appropriate protective steps. Our breach notification procedures are consistent with our obligations under various state and federal laws and regulations, as well as any industry rules or standards that we adhere to. Notification procedures include providing email notices or posting a notice on our website if a breach occurs.
Keeping your data secure also depends on you ensuring that you maintain the security of your account by using sufficiently complicated passwords and storing them safely. You should also ensure that you have sufficient security on your own systems, to keep any survey data you download to your own computer away from prying eyes. We offer SSL to secure the transmission of survey responses, but it is your responsibility to ensure that your surveys are configured to use that feature where appropriate.
For specific security questions or custom security requirements please contact customer support.