Security Statement

Security Statement of EyeQuestion Software

This security statement explains how Logic8 B.V., trading as EyeQuestion (“us”, “we”, or “our”), protects customer data when customers use the products and services offered by EyeQuestion. We refer to those products, services and websites collectively as the “services” in this statement.

 

For questions about our security statement, please do not hesitate to contact us.
Email us at: [email protected]
Call us on: +31 (0)481 350 370 or
Write to us at: Nieuwe Aamsestraat 90D, NL-6662NK, Elst, The Netherlands

 

EyeQuestion Software is dedicated to protecting all customer data using industry best standards. Our customers demand the highest levels of data security and have previously tested our services to verify that they meet their standards. In each case, we have surpassed expectations and received high praise from large international organisations.

 

Ways we protect our customer data

EyeQuestion Software’s most important concern is the protection and reliability of customer data.

  1. Our servers are protected by high-end firewall systems, and scans are performed regularly to ensure that any vulnerabilities are quickly found and patched.
  2. Complete penetration tests are performed yearly.
  3. All services have quick failover points and redundant hardware, with complete backups performed nightly.
  4. Access to systems is severely restricted to specific individuals, whose access is monitored and audited for compliance.

Server and data security

This Security Statement is aimed at being transparent about our security infrastructure and practices, to help reassure you that your data is appropriately protected. Customer data is stored in a secure location. In addition, all data is solely processed in that location, and is never moved to another jurisdictional area. In other words, if data is collected in the EU, all data is also processed and stored in the EU. The current options for physical server locations are Ohio (USA) and Frankfurt (Germany).

 

EyeQuestion Software uses the most advanced technology for Internet security which is currently commercially available. EyeQuestion Software uses Transport Layer Security (TLS) encryption (also known as HTTPS) for all transmitted data. Our services are hosted by trusted data centers that are independently audited using the industry standard SSAE-16 method. EyeQuestion Software is ISO 27001/2013 certified and therefore meets or exceeds the minimum requirements as outlined in ISO 27001/27002. Versions 4.11 and higher of EyeQuestion are fully compatible and comply with General Data Protection Regulation (GDPR) requirements.

 

EyeQuestion runs on a dedicated and fully managed Windows cloud server hosted within a secure state-of-the-art data center run by Rackspace and AWS, the world’s leading hosting companies. The main reason we have chosen Rackspace as our hosting company is that they comply with the most important security certifications and standards.

The EyeQuestion servers run Windows Server 2016. Physical server security and the security of data are ensured through several industry standard safeguards, including:

Physical security of data center
Rackspace and AWS data centers hosting EyeQuestion services are fully certified and independently audited. Specific security initiatives include:

  • Staffed 24x7x365 with separate security lobby and continual surveillance. Electronic security features with card key access.
  • Data center access limited to Rackspace and AWS approved personnel.
  • Security camera monitoring at all data center locations with CCTV archived video as well as alarm systems.
  • Unmarked facilities with confidential physical addresses (restricted to authorized Rackspace and AWS personnel).

Rackspace and AWS provide several network protection and firewall systems including:

  • Redundant Cisco 3-tier LAN Architecture
  • Zero-Downtime Network™ guarantee protected by a Cisco ASA 5505 dedicated firewall
  • Port Monitoring Service
  • Anti-virus protection with the EyeQuestion servers running the latest versions of ClamWin anti-virus with anti-virus signatures updated daily.

Distributed Denial of Service (DDoS)
Distributed Denial of Service (DDoS) mitigation services based on Rackspace’s proprietary Rackspace PrevenTier™ system.

 

Hardware availability
Hardware availability is ensured through the choice of Rackspace’s and AWS’s world-class data centers with redundant power and HVAC systems, and is covered by a worst-case scenario 1-hour Hardware Replacement guarantee ensuring that any hardware faults are repaired immediately no matter what time they may occur. There is a 2-hour commencement of onsite data restores in the event of a worst-case scenario hardware failure, ensuring that a new server is up and running again with recovered data within 2 hours.

Server availability and performance
In addition to automatic alerts, EyeQuestion approved personnel routinely check EyeQuestion system status to ensure optimum performance. These checks include web applications, Windows services and the EyeQuestion database integrity. EyeQuestion uses Rackspace’s Managed Services for Rackspace and AWS, which continuously monitor the availability of all standard ports, CPU, memory and disk space. If any test fails, the 24x7x365 support staff will initiate an automatic restart of the server. Cloudflare is used to ensure a fast, reliable content delivery network with added CDN, DNS, DDoS protection and security.

Data redundancy, backup and restore
EyeQuestion makes use of the Rackspace and AWS Managed Backup facility. This fully managed nightly backup runs over a dedicated GigE backup network and uses an integrated system of daily and weekly encrypted backups and system images. All daily backups are retained for 30 days, weekly backups for 60 days. System images are created daily as well as weekly and are retained for 7 days.

Disaster recovery
Many parts of EyeQuestion’s own disaster recovery plan are also covered by our data center supplier – Rackspace and AWS. This includes automatic replacement of faulty hardware, data recovery and restarting of servers by the 24x7x365 support staff at Rackspace and AWS.

Software updates
The EyeQuestion application is written in Java and runs on Windows and Linux servers, using Apache Tomcat and MySQL. Systems are installed using patched operating systems. All updates are tested prior to installation to ensure full compatibility with the EyeQuestion software.

Handling of Security Breaches
Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if EyeQuestion learns of a security breach, we will notify affected users so that they can take appropriate protective steps. Our breach notification procedures are consistent with our obligations under various state and federal laws and regulations, as well as any industry rules or standards that we adhere to. Notification procedures include providing email notices and/or posting a notice on our website if a breach occurs.

Your Responsibilities
Keeping your data secure also depends on you maintaining the security of your account by using sufficiently complicated passwords and storing them safely. As a user of EyeQuestion, you should also ensure that you have sufficient security on your own systems, to keep any survey data you download to your own computer away from prying eyes. We offer SSL to secure the transmission of survey responses, but it is your responsibility as an EyeQuestion user to ensure that your surveys are configured to use this feature where appropriate.

Custom Requests
For specific security questions or custom security requirements please contact our Support team on [email protected]