Information Security Policy
We are committed to industry best practice when it comes to preventing loss, misuse, alteration, unauthorized access, or unlawful or unnecessary processing of the information we collect as part of our surveys.
For example, we:
make use of encryption technology as appropriate;
use appropriate network access control technology to limit access to the systems on which survey data is stored; and
monitor for possible vulnerabilities and attacks.
Unfortunately we cannot guarantee that the technical, physical and organizational measures we take will prevent every security threat. You will be notified immediately in the event there has been a material breach of security which resulted in the unauthorized disclosure of your organizational data.
What is Expected of You
To help maintain the security of information you provide to Presage, please follow these rules:
Keep your personal passwords private; change passwords from time to time; and, make sure passwords are sufficiently complex.
You should promptly notify us if you need to deactivate a login or account to prevent unauthorized access to unused/dormant accounts.
You should notify us immediately if you observe any suspicious activity on any one of your organization’s account.
We use only premier datacenter facilities for running our infrastructure. Each site is staffed 24/7/365 with physical access controls and security guards to protect against unauthorized entry. Each site has security cameras that monitor both the facility premises as well as each area of the datacenter internally. There are biometric readers for access as well as at least two factor authentication to gain access to the building. Each facility is unmarked so as not to draw any additional attention from the outside and adheres to strict local and federal government standards in Canada, United States, and Europe.
Server Security & Employee Access
Server security and data integrity is of the utmost concern at Presage. As a result none of our technical support staff have any direct access to the backend systems and databases, nor direct access to the storage systems where backup database/server images reside. Only our engineering team has direct access to the backend servers.
All communications with Presage are transmitted over SSL (HTTPS), assuming support on the client, for both access to public and private surveys, as well as the Insights Reporting Portal.
Database backups, including raw survey data, are stored on a non-publicly visible cloud storage service in Canada and the USA. Access to these backups is limited strictly to those on our engineering/operations team.
Survey data is collected and stored on internal non-publicly accessible industry-standard database management systems. Access to these databases is limited to our data analysts and engineering team. All access is controlled via a SSH (secure shell/encrypted) channel. Any local copies of survey data are deleted immediately after use.
Database backups are retained for a maximum of 2 years. At the termination of your account/agreement, we will retain and use copies of your raw survey data for a maximum of five years. Aggregate/report data will be retained for an indefinite term.
Comments and Questions
If you have any questions, comments or concerns about our Information Security Policy, you may contact us at the following address:
Presage Group Inc.
3365 Harvester Road, Suite 206