SNAP WEBHOST SECURITY POLICY Should you require any technical support for the Snap survey software or any assistance with software licenses, training and Snap research services please contact us at one of our offices. Details can be found at www.snapsurveys.com or under About Snap in the Help menu of the software.
snap CONTENTS POLICY INFORMATION 3 SNAP WEBHOST SECURITY SUMMARY 4 THE SNAP WEBHOST SECURITY POLICY 5 Information policy for Snap WebHost... 5 Possible threats which have been considered...5 The Snap WebHost software... 6 The Snap WebHost service... 6 Snap WebHost service resistance to environmental threats...6 Snap WebHost service resistance to software threats...7 Data integrity and availability...8 References... 8
POLICY INFORMATION Organization Snap Surveys Ltd Registration no: ( under data protection act) Z6415584 Scope of policy This policy applies to all offices of Snap Surveys Policy operational date September 2009 Policy prepared by Rachel Ganz Policy document reference V4/R Ganz/23/7/2015:10:39 Policy review date 2017 Classification Public 3
Snap WebHost Security summary SNAP WEBHOST SECURITY SUMMARY ISO 27001 Security certification EU (London, UK) and US based SAS 70 / SSAE 16 certified data centres Secure, encrypted questionnaire and report delivery via https All data encrypted at rest Permanent malware scanning Latest security updates applied Daily vulnerability scans Daily backups Strong user password policy Optional questionnaire login ID / password 4
THE SNAP WEBHOST SECURITY POLICY 5 The Snap WebHost Security Policy is based on the ISO/IEC 27000-series standard. This ensures that: Snap and Snap customers have business continuity in the case of major failures and disasters Access to information and information systems is controlled, and information is secure when in transit. The likelihood of user data being modified, lost or misused by unauthorized people is minimized. Snap staff are trained in the security policies to minimize possible damage from any errors or malfunctions. Risk assessments include: What are the threats to the resource? Examples of threats could be environmental (such as a power failure) or malicious (such as data theft) How vulnerable is the resource to those threats? How valuable is the resource to ourselves and to others? Would its loss or damage cause significant harm? Risk avoidance has been balanced against risk management to ensure an effective solution which balances ease of use with data and software security. Snap has achieved ISO 27001 security certification. Information policy for Snap WebHost The data on Snap WebHost is critical to Snap and our customers business. Snap WebHost is software that runs on a web server. It therefore has two levels of security: that inherent in the Snap WebHost software that dependent upon the way the Snap WebHost software has been installed and the security of the underlying web server. Since it is the web server that manages the connections to the outside world, the web server and installation security are critical to the security of Snap WebHost This document describes the systems in place to ensure the confidentiality, integrity and availability of data on Snap WebHost and the Snap WebHost service provided by Snap. Possible threats which have been considered To maintain data integrity, the following risks should be considered. The Snap WebHost service is resistant to all these threats. When customers install their own copy of Snap WebHost, they should check that their installation meets these standards. The data can be lost. This could be due to: Malicious attack on software Theft etc or hardware damage Environmental damage (power outage etc)
The Snap WebHost Security Policy Act of God (lightning strike etc) Human error (deleted, overwritten etc) The data could still be retained but be copied or stolen: By people external to the organization By people internal to the organization The Snap WebHost software Software service security Snap WebHost consists of an administration service, a respondent service and a mailer service, all of which are managed by a control service via Windows SCM (Service Control Manager). All services access the same survey data minimising duplication. All data is encrypted at rest. Snap WebHost uses web servers based on Microsoft's IIS Web server software in secure mode. The encryption level is set by the installer. Login passwords to Snap WebHost must be six or more characters which include upper and lower case characters and at least one digit. Respondent data security Respondent data is stored in a proprietary database and only accessible via specific gatekeeper scripts requiring authenticated sessions. Since respondent replies are not held in a SQL database, no respondent SQL injection attacks are possible. Respondent data is encrypted at rest The Snap WebHost service Snap runs the Snap WebHost service in conformance with industry standards. The Snap WebHost services reside on a single machine, communication between them is internal to the machine. Snap WebHost service resistance to environmental threats The Snap WebHost service is resident on a server hosted by Rackspace. (http://www.rackspace.com) Rackspace is Quality assured with ISO 9001:2000 accreditation. is an authorized user of the N3 (NHS requirement) and has fulfilled Statement of Compliance with Connecting for Health. meets the Auditing Standards (SAS) number 70, Service organisations, SAS 70 Type II and has ISO 27001 registration. Rackspace maintains the physical and environmental security of the data. The server is monitored by CCTV 24/7. 6
7 Access to the server is restricted to trained and security-checked operations engineers with pass card and correct biometric ID. Air is circulated and filtered every 90 seconds. There are duplicated heating, ventilation and air controls to ensure that there is a system on standby ready to take over in case of failure. An advanced fire-suppression system is installed. The system runs on an uninterruptable power supply with regularly tested back-up generators. It guarantees uninterruptable access to the data. Disaster Recovery In the event of any level of service disruption, Rackspace ensures support, communications and infrastructure continuity to allow customers to maintain operational effectiveness. All offices contain personnel that are critical to the support of customer s hosted infrastructure A customer care call center is maintained and staffed 24/7/52 Key personnel can be relocated and have the ability to support through VPN for secure remote access. Phone and email systems have been architected to provide redundancy and high availability in the event of disaster Data centers are equipped with the required components to remain operational such as: diesel generators to lessen the risk of long term utility power failures fire detection and suppression systems to appropriately contain the threat of fire heating ventilation air conditioning units to ensure consistent temperature and humidity. Periodic backups are performed to ensure customers meet their RTO. Offsite tape rotation is also offered. Fully redundant Cisco routing and switching equipment is utilized for its core networking infrastructure. Snap WebHost service resistance to software threats Prevention of unauthorized software access to the machine The machine is behind a firewall which ensures that ports are protected. Strong virus-protection software is used. Permanent malware scanning is used. Daily vulnerability scans are carried out. Latest security updates are applied. Security of data communication The Snap hosted Snap WebHost server uses High-grade encryption on Internet connections. All data uploads and downloads are carried out using SSL (https). All direct communication with Snap WebHost core service is carried out using SSL (https)
The Snap WebHost Security Policy Security of researchers' passwords is dependent on the Snap WebHost installation. The Snap hosted Snap WebHost imposes strong password requirements. Communication with respondents on the Snap hosted system is via SSL (https). Researchers can specify a login for data subjects to complete a specific survey. There are no Snap WebHost requirements on the security of this password. Data integrity and availability The Snap WebHost server is backed up nightly and stored in a secure facility in a separate location. Electronic records are maintained until deleted by the client. Records that have been deleted in error, overwritten or corrupted can be restored to the previous day's values within 24 hours. Snap WebHost service is available 24/7. The hardware and supporting systems are monitored and service checked every 5 minutes. Snap WebHost software is checked every 10 minutes. In both cases, if a fault is identified, an engineer will be informed immediately. References Information security policy is covered by the standards: ISO/IEC 27000-series (equivalent to BS7799 in the UK) See: http://www.iwar.org.uk/comsec/resources/bs7799/works.htm http://security.practitioner.com/introduction/ http://en.wikipedia.org/wiki/iso/iec_27001 WG3 standards: 15408 Evaluation criteria for IT Security 18045 Methodology for IT security evaluation Both available via: http://standards.iso.org/ittf/publiclyavailablestandards/index.html U.S. Acts that have applications in particular areas Sarbanes-Oxley Act and Gramm-Leach-Bliley Act (Applies to US banking) Full text of Sarbanes-Oxley Act at: http://www.legalarchiver.org/soa.htm 8