Platform Security Policy

Survey platform users

Realworld Employee Surveys’ principal business offering is the provision of employee surveys and 360 degree feedback. These services are provided under contract whereby Realworld Employee Surveys operates as a data processor with the client organisation acting as data controller. In all such cases, Realworld Employee Surveys will implement all necessary operational and technical risk reduction and security measures appropriate for the risk profile involved. Responsibility for determining the legal basis for processing this personal data lies with the data controller, with Realworld Employee Surveys operating on the direct instructions of the data controller.

We provide our client users with access to our survey platform. In order to set up this access we will collect users’ names and email addresses.

Where we are administering surveys or 360 degree feedback our clients will provide us with the names and email addresses for survey recipients. We will then load this information into our survey platform to enable us to send out survey invitations. Some of our surveys may also require us to collect additional work-related information about survey recipients such as work location, job role and other demographic data such as age, gender and ethnicity etc. The client will act as Data Controller and the data we collect will be specified by the client. We will act as Data Processor for the client.

Data security

We employ comprehensive, reasonable and appropriate security measures to protect against the loss, misuse, and alteration of the personal information we process. This includes organisational security (passwords and access controls), physical security (data centre protection) and IT security (encryption). Please note that no transmission over the Internet can ever be guaranteed secure. Consequently, please note that we cannot guarantee the security of any personal information that you transfer over the Internet to us.

CyberEssentials Plus Certified Logo

We are accredited with CyberEssentials+, which provides a level of compliance with best practice data security as a business.

The technical overview of the security employed by our survey platform is as follows:

Private Virtual Cloud Environment

  • Solution Location:  Secura London1 Data Centre (Enfield)
  • Solution Overview:  Secura has built Skyron an advanced private cloud infrastructure within a multi-tenant environment. The solution includes:
  • a virtual machine environment including production web and database servers and virtual test machines
  • a SQL Availability Group Cluster for failover functionality
  • full onsite and offsite backups
  • a high-throughput, secure firewall

Credentials

  • High availability with automatic recovery from server failure
  • Ultra-secure facilities, that provide 100 per cent uptime
  • Guaranteed compute and storage performance levels
  • Certification:
    • BREEAM Good
    • ISO 9001:2008 – Quality Management
    • ISO 14001:2004 – Environmental Management
    • ISO 27001:2013 – Information Security Management
    • ISO 50001:2011 – Energy Management

General Hosting Details

  • Boundary protection is in place on all systems with a connection to an untrusted network
  • Data centre offers N+N redundancy on UPS, and N+1 on all other critical services
  • Timely patching is applied against known vulnerabilities
  • Systems are protected from malicious and mobile code
  • Software and hardware is locked down to restrict unnecessary services
  • Secura Managed Alert Logic Threat Management Intrusion Detection Service (IDS) and Alert Logic Log Manager / Review
  • Proactive patching solution with automated updates applied upon release
  • Pingdom alert monitoring for all sites and services

Physical Security

  • Secured 24x7x365 with full authentication & access policy control and the latest physical security measures.
  • 24/7/365 on-site security team
  • 3 metre high perimeter fence
  • Manned vehicle entry gate to site
  • Internal and External IP CCTV with complete site coverage
  • Full authentication & access policy control
  • Security bollards, biometric entry system

Firewall / Network Specification

  • Clustered Virtual Firewall Appliance
  • Private 10Gbps network diversely connected to multiple providers for a blended, resilient Internet feed.
  • Access to a variety of tier 1 and 2 connectivity providers
  • Diverse fibre entry points to the site
  • Interconnection with major European internet exchanges
  • Fully managed with 24×7 monitoring

Resilience:

  • The data centre infrastructure underpinning the Virtual Private Cloud platform includes some of the UK’s most advanced, secure facilities used by leading banks, cloud vendors, systems integrators and telecommunications companies.
  • These multi-million pound facilities offer resilient connectivity with no single points of failure and the very highest levels of security and safety accreditation.
  • There is a 10Gb/s network underpins this infrastructure, providing robust, high performance connectivity between their data centre sites across the UK, with diverse 10G fibre connections and resilient routing in each location.

Scalability

  • The Virtual Private Cloud hosting offers scalability and security, where hosting resources can be scaled up and down with just a few mouse clicks. CPU, RAM and server storage capacity can be added within minutes to shape cloud platforms around any given, changing businesses requirements utilising the latest VMware technology