Information Security Policy

Overview

We are committed to industry best practice when it comes to preventing loss, misuse, alteration, unauthorized access, or unlawful or unnecessary processing of the information we collect as part of our surveys.

For example, we:

  • make use of encryption technology as appropriate;

  • use appropriate network access control technology to limit access to the systems on which survey data is stored; and

  • monitor for possible vulnerabilities and attacks.

Unfortunately we cannot guarantee that the technical, physical and organizational measures we take will prevent every security threat. You will be notified immediately in the event there has been a material breach of security which resulted in the unauthorized disclosure of your organizational data.

 

What is Expected of You

To help maintain the security of information you provide to Presage, please follow these rules:

  • Keep your personal passwords private; change passwords from time to time; and, make sure passwords are sufficiently complex.

  • You should promptly notify us if you need to deactivate a login or account to prevent unauthorized access to unused/dormant accounts.

  • You should notify us immediately if you observe any suspicious activity on any one of your organization’s account.

 

Physical Security

We use only premier datacenter facilities for running our infrastructure. Each site is staffed 24/7/365 with physical access controls and security guards to protect against unauthorized entry. Each site has security cameras that monitor both the facility premises as well as each area of the datacenter internally. There are biometric readers for access as well as at least two factor authentication to gain access to the building. Each facility is unmarked so as not to draw any additional attention from the outside and adheres to strict local and federal government standards in Canada, United States, and Europe.

 

Server Security & Employee Access

Server security and data integrity is of the utmost concern at Presage. As a result none of our technical support staff have any direct access to the backend systems and databases, nor direct access to the storage systems where backup database/server images reside. Only our engineering team has direct access to the backend servers.

 

Communications

All communications with Presage are transmitted over SSL (HTTPS), assuming support on the client, for both access to public and private surveys, as well as the Insights Reporting Portal.

 

Backup Security

Database backups, including raw survey data, are stored on a non-publicly visible cloud storage service in Canada and the USA. Access to these backups is limited strictly to those on our engineering/operations team.

 

Survey Data

Survey data is collected and stored on internal non-publicly accessible industry-standard database management systems. Access to these databases is limited to our data analysts and engineering team. All access is controlled via a SSH (secure shell/encrypted) channel. Any local copies of survey data are deleted immediately after use.

 

Data Retention

Database backups are retained for a maximum of 2 years. At the termination of your account/agreement, we will retain and use copies of your raw survey data for a maximum of five years. Aggregate/report data will be retained for an indefinite term.

 

Comments and Questions

If you have any questions, comments or concerns about our Information Security Policy, you may contact us at the following address:

Presage Group Inc.
2070 Hadwen Road, Unit 102
Mississauga, Ontario
L5K 2C9