Valid Pre 27 October 2019

Web Survey Creator takes data security very seriously. We make every effort to ensure that your data is kept secure and that we collect and store only the personal information required to administer your account and make your use of the software as efficient as possible. We have detailed below all steps taken by us to ensure the security of your data.


Storage and Security of Personal Information


At any time that Web Survey Creator has possession or control of a record that contains personal information, we ensure:


(a) that the record is protected, by such security safeguards as it is reasonable in the circumstances to take, against loss, against unauthorised access, use, modification or disclosure, and against other misuse; and
(b) that if it is necessary for the record to be given to a person in connection with the provision of a service to Web Survey Creator, everything reasonably within the power of the Web Survey Creator is done to prevent unauthorised use or disclosure of information contained in the record.


We have in place appropriate disposal arrangements for records containing personal information. Destruction of records is secure.


Application and User Security


Web Survey Creator uses advanced commercially available technology to secure each user's internet session.

  • When a user registers with Web Survey Creator they must create a unique username and password that must be entered each time they log on.
  • User data in the database is segregated logically by user account based rules. User accounts have unique usernames and passwords that must be entered each time the user accesses the system.
  • User passwords have requirements for complexity and length and are individually salted and hashed.
  • Each secure area of the site (eg credit card pages) uses Secure Sockets Layer (SSL) technology to protect user data
  • All sensitive data such as credit card details and passwords are always transmitted over encrypted and secure SSL connections.
  • Users can elect to enable SSL each time they log in.
  • SSL can be enabled so that responses submitted by survey respondents are transmitted over a secure and encrypted connection.
  • All credit card information is transmitted via SSL to our payment gateway provider, SecurePay, where it is securely stored.
  • SecurePay holds the highest level of PCI DSS accreditation - strict global security standards to ensure this information is properly protected.
  • No credit card information is stored in our database except for the expiry date and last 3 digits of the card to assist you in identifying the card used.



Physical Security


Entrance


  • Entrance barriers control vehicle entry
  • Revolving access doors with personnel security trap
  • Door access controls on all technical area


Access Requests


* Online self service portal based system


CCTV Monitoring


  • Full coverage of exterior, entryways, lifts, stairs and site interior
  • 28-day digital system access with fully staffed security control room
  • Proximity access control system for entrance, exit and lifts


Alarm Systems


  • Intrusion detection on all doors, glass breakage sensors and motion detectors for CCTV


Building access


  • Articulated truck access to delivery zone.
  • Loading bay, goods lift with 10,000 kg capacity to all technical floors
  • Secure storage area, staging area



Network Availability


  • 24x7 Monitoring of Network
  • Redundant Cisco Powered Core Network
  • Multiple Upstream Transit Providers using BGP4 for Reliability and Speed
  • Multiple Upstream Building Entry Points (North and South) from Diverse Fibre Rings
  • Gigabit Switching Network
  • Tier 3.5+ Rated Data Centre- the highest rated data centre location in Sydney, Australia



Network Security


  • Border protection provided by highly available, industry recognised, stateful inspection firewalling.
  • Adaptive core networks allow for dynamic responses to external threats.
  • Regular security patching and auditing ensure minimum vulnerability footprint on OS layer.



Digital Data Storage Security


  • Data stored on fully redundant, fault tolerant disk subsystems
  • Continuous data protection offered from daily, 90 day retention backups to physically disparate devices



Software Development Practices


  • We code in Microsoft technologies including C#
  • Our engineers use best practice and industry standard guidelines for software development and security of code



Handling of security breaches


No method of communication or transmission over the Internet is perfectly secure despite everyone's best efforts. Whilst we cannot guarantee absolute security, if Web Survey Creator learns of a security breach we will notifiy affected uses so that they can take appropriate protective steps. Notififcation procedures include providing email communications and/or placing notices on our website if a breach occurs.


Further Security Information


If you have any concerns or questions, please contact us.