CIOPulse has passed the security reviews of many organisations, including those in the finance and defense sectors who have particularly tough security standards.
CIOPulse has successfully passed these reviews because the data we store (internal customer feedback on IT performance) is not sensitive and has no value to nation states, organised crime or malicious hackers.
We store less data about your IT staff than is available/derivable from public sources like LinkedIn.
Our security controls are commensurate with this degree of risk.
What information does CIOPulse store?
CIOPulse stores the following information:
- Name and work email address for any IT support lead/manager who wishes to receive feedback about their team.
- Work mobile number for any IT support lead/manager who wishes to receive SMS alerts relating to customer feedback. This is optional.
Only a small number of your staff (usually one or two) can access/maintain this contact information - your nominated CIOPulse administrators.
CIOPulse collects feedback via three different survey types:
- Transactional Surveys
- Relationship Surveys
- Compliments, Complaints & Suggestions
For each completed Transactional Survey, CIOPulse stores:
- Ticket ID, rating and verbatim feedback.
- An identifier for the customer who completed the survey.
- A unique identifier for the agent who completed the ticket.
CIOPulse does not store any credit card information, addresses or any other personal information apart from the above.
Here are some examples of the agent and customer identifiers that you could choose to store with each completed survey:
| Scenario | Agent | Customer |
|---|---|---|
| We're very uncomfortable about even low-value data being stored by CIOPulse. We're happy to forgo some functionality of CIOPulse in order for all feedback to be completely anonymous. If we want to know who provided feedback and who it was about, we will look this up in our customer support system manually. | No-agent | No-customer |
| We would like to be able to identify exactly who provided the feedback and who it was about. However, we do not want CIOPulse to be able to identify who these people are. If we want to know who provided feedback and who it was about, we will look this up in our customer support (or HR system) manually. (CIOPulse does not store any look-up information that can translate a code into a person). | EID01234 | EID98765 |
| We would like our CIOPulse reports, displays and dashboards to display information about the agent and customer without us needing to do any manual look-ups to find out who the feedback was about or who provided the feedback. We prefer for work email addresses not to be stored in CIOPulse. | Adam.Agent | Carole.Customer, or Carole* *Unlike Agent, Customer does not have to be unique and so a first name is acceptable |
| We are not concerned about CIOPulse storing the work email addresses of our employees. This information is public anyway, e.g. via LinkedIn. | [email protected] | [email protected] |
In the CIOPulse Portal, there is a Preference setting called "Remove Email Domain?". Setting this to 'Yes' allows you to use full email addresses in the CIOPulse survey URL (in the Customer and/or Agent parameters). In this case CIOPulse will strip out the "@" symbol and everything to the right of it, and only store what is left. For example, if the survey URL includes &[email protected], CIOPulse will only store carole.customer.
For each completed Relationship Survey, CIOPulse stores:
- Rating and verbatim feedback.
- An identifier for the customer who completed the survey. For anonymous surveys, "No customer" can be stored instead of an identifier.
- Survey invitee email addresses can (optionally) be uploaded to CIOPulse if you want CIOPulse to send out survey invitations. These are encrypted at rest.
For each completed Compliment, Complaint or Suggestion, CIOPulse stores:
- Verbatim feedback.
- Optional contact information for the person who provided the feedback (if they chose to provide it).
Where is CIOPulse data stored?
The CIOPulse database and core application runs out of an ISO27001 certified Equinix Data Centre in Sydney, Australia.
The CIOPulse survey engine runs off entirely separate infrastructure running on AWS in North Carolina and managed by our partner, Typeform.
Survey data is captured and then immediately transferred from AWS in North Carolina via HTTPS for permanent storage on our database in Sydney.
Raw survey data is stored on AWS for up to one week (maximum) for data redundancy purposes. It is then permanently deleted.
The AWS-based Typeform survey engine is currently being replaced with an in-house survey engine running out of Sydney, Australia. This work is expected to be completed in 2021.
How is the information secured?
- Our server is physically monitored 24/7.
- Our server is part of a cluster of servers enabling near-real-time failover to another server should our primary server fail.
- Daily backups are taken of all data (RPO and RTO = 24 hours).
- All backups are encrypted.
- User passwords are encrypted.
- Server data integrity is checked nightly to ensure a secure and protected file system.
- Network vulnerability is performed no less than annually.
- The database is firewalled off from the outside world and can only be accessed by localhost or from managed range of IP addresses.
How does access control work?
- Administrators access the Portal (used to configure CIOPulse) with a user profile protected via a 14-character-minimium passphrase and two-factor authentication. After 3 failed log-in attempts, an increasing amount of time is required between subsequent attempts.
- Master Administrator registrations are approved by CIOPulse staff. Supporting Administrator registrations are approved by Master Administrators.
- We regularly and randomly review access logs.
Access to CIOPulse information can be secured by your CIOPulse administrator using one or more of these methods:
- Single Sign-On. Access to CIOPulse information will require permission from your own SAML2.0-compliant authentication system.
- Email address. User enters their email address and CIOPulse emails them a verification code that must be entered before access is granted.
- Access code. Anyone requesting CIOPulse information will be required to enter an access code (a shared password) that is managed by your Administrators.
- Pre-authorised IP address ranges. CIOPulse information will only be displayed on devices from an authorised IP address.
The diagram below shows the methods available to you:
Unlike normal CIOPulse users, CIOPulse administrators have their own security credentials (email address and password, plus two-factor authentication ) that they use to log in to the CIOPulse administration portal. Administrators bypass all the security controls shown in the diagram above.
Single Sign-On is available for clients on our Corporate Plan (or above). Turning on Single Sign-On requires us to collaborate with your own Information Security staff, e.g. to conduct testing. If you are interested in turning on Single Sign-On, please contact us at [email protected].
How are sessions secured?
All CIOPulse information is accessed (and transferred) via HTTPS.
User session data is stored on the server.
How is your desktop environment secured?
No sensitive data is stored on desktops or ever printed out.
Our desktops are secured via login password, auto-screen lock, antimalware, antivirus, firewall and Bitlocker encryption (storage encrypted at rest).
Access to our servers from the desktop environment is over secure VPN.
What is your production patching policy?
Zero Day patches are applied same day. Other critical patches are applied daily. Non-critical patches are applied monthly.
When do you delete data?
- All client data is deleted within 90 days of termination of a subscription, or sooner upon request.
- Clients may download all their data in CSV form at any time, or may request us to provide them with a CSV download prior to data deletion.
- In accordance with the General Data Protection Regulations (GDPR) of the European Union (EU), EU citizens may request for personally identifiable data (e.g. as a survey respondent, or as the subject of a survey) to be removed. In this case, as the "data processor", we will act on the instructions of our client (the "data controller").
Do you have a Privacy Policy?
Yes, our Privacy Policy can be found here.
We do not use any data for marketing purposes. We do not release customer information to third parties.
Do you have an Information Security Policy?
Yes, our Information Security Policy is attached below.