Security policy

Updated January 2024

Surveypal Commitment to Security

  • Surveypal is in the business of providing customers with efficient and secure customer feedback solutions.
  • Surveypal continuously works on implementing accepted industry practices to protect customers’ data and Surveypal service against security threats and malicious actors.
  • Surveypal continuously analyses security risks and decides which risks require mitigation actions and which risks can be accepted.
  • Surveypal continuously improves the resilience of its IT infrastructure by using accepted industry practices to implement secure and resilient cloud-based solutions.
  • Surveypal continuously improves its processes to respond to and recover from incidents and unforeseen changes in the environment.
  • Surveypal continuously improves its security solutions – the whole organisation is committed to the continuous improvement of security.

Surveypal Information Security Management System (ISMS)

  • Roles and responsibilities of information security shall be defined and communicated to the whole organisation.
    • The Surveypal management team has the responsibility for establishing and managing security
    • One member of the management team is named as Chief Security Officer, who is responsible for the information security risk analysis and for the continuous improvement of information security controls
  • Business requirements for availability and integrity shall be met
    • Surveypal IT infrastructure is protected against attacks
    • Surveypal continuously improves secure and resilient infrastructure
  • Confidentiality of information is protected
    • Access to information is controlled with accepted industry practices
    • Encryption is used to protect sensitive data at rest and data in transit

Security and Privacy Governance

  • To guarantee the continuous improvement of security, Surveypal has implemented an Information Security Management System (ISMS) in line with the ISO27001 standards.
  • Surveypal’s ISMS implementation covers the entire operations of the company.
  • Surveypal has implemented a security governance process, which sets the information security objectives to protect the confidentiality, integrity, and availability of the company’s business operations and decides the best methods to achieve the objectives.
  • Surveypal continuously analyses security risks and decides which risks require mitigation actions.
  • To mitigate information security risks, Surveypal has implemented information security controls according to accepted industry best practices.
  • Surveypal maintains a security awareness training program for employees and sub-contractors

Identity and Access Management

  • Surveypal manages and stores customers’ user credentials in a secure way
  • Surveypal employee and sub-contractor digital identity creations and removals are done in a controlled and secure way
  • Surveypal uses accepted industry practices to manage the online authentication of its own employees and sub-contractors
  • Authorisations are based on work duties, and the principle of least privilege is applied

Security Incident Handling

  • Surveypal has implemented a security incident handling process as part of its customer support processes
  • If the investigation of a potential security incident leads to the conclusion that the incident must be treated as a security incident, the process includes the following mandatory steps:
    • If any customer data has been involved, the affected customers will be informed
    • In the case of a data breach, Surveypal will also inform relevant local authorities if required

Secure Technology Platform

  • Surveypal service is developed and managed in a secure cloud environment, which enables fast and efficient disaster recovery
  • Surveypal manages backups of customers’ data according to accepted industry practices
  • Surveypal manages the set-up of software assets and databases securely and according to accepted industry practices
  • Surveypal uses encryption to protect sensitive data at rest and in motion
  • Surveypal manages security patching and software upgrades of the service implementation in a systematic and timely manner.
  • Surveypal continuously improves its security testing practices towards accepted industry practices – this includes periodic vulnerability scans and continuous security testing
  • Surveypal manages endpoint security of laptops and mobile phones according to accepted industry standards – this includes secure asset management and anti-virus solutions.