Security, Compliance and Privacy

SelectSurvey.NET is designed for large enterprises and therefore has built-in tools for setting permissions and user roles and for managing global security settings and logging.

SelectSurvey.NET has built-in automatic threat detection, data encryption, and question types that require acknowledgement of the gathering of any personal data.

SelectSurvey.NET is sold as two different types of product: "On-Premise", which clients install on their own servers, and "Private Cloud", which is hosted on our private cloud services, segregated from any other data.

ClassApps takes privacy and security seriously, and continues to innovate ways to keep your data safe.

PRIVACY

PRIVACY POLICY

COMPLIANCE

Note that if you are using an outdated version of the "On-Premise" software that you install on your own server, or your support has expired, you may not have the latest product security updates. We highly recommend that you apply all available security patches and updates to interact more safely with the latest online browsers and devices.


General Data Protection Regulation (GDPR) Compliance


SelectSurvey.NET On-Premise Software
  • Make sure you are using the latest version of the software.
  • Ensure that the "Enforce SSL" setting in admin tools is turned on.
  • Ensure that the encryption flag in the web.config is turned on.
  • Ensure that you have a firewall in place.
  • Ensure that you have antivirus in place.
  • Ensure that all Windows updates have been installed on the web server and database server.
  • Ensure that your database is encrypted and backups are encrypted.
  • Ensure that your permissions and settings on the web server follow Microsoft's best practices.
  • Ensure that staff are properly trained in GDPR guidelines and that you follow GDPR guidelines internally.
  • Activate Microsoft SQL TDE (more info: https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/transparent-data-encryption?view=sql-server-2017)
SelectSurvey.NET Private Cloud SaaS
  • Train staff how to use an "informed consent" required question type before asking for any personal data.
  • Train staff on the GDPR guidelines.
  • Contact us with any concerns.

Health Insurance Portability and Accountability Act (HIPAA) Compliance


SelectSurvey.NET On-Premise Software
  • Make sure you are using the latest version of the software.
  • Ensure that the "Enforce SSL" setting in admin tools is turned on.
  • Ensure that the encryption flag in the web.config is turned on.
  • Ensure that you have a firewall in place.
  • Ensure that you have antivirus in place.
  • Ensure that all Windows updates have been installed on the web server and database server.
  • Ensure that your database is encrypted and backups are encrypted.
  • Ensure that your permissions and settings on the web server follow Microsoft's best practices.
  • Ensure that staff are properly trained in HIPAA guidelines and that you follow HIPAA guidelines internally.
  • Activate Microsoft SQL TDE (more info: https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/transparent-data-encryption?view=sql-server-2017)
SelectSurvey.NET Private Cloud SaaS
  • Train staff how to use an "informed consent" required question type before asking for any personal data.
  • Train staff on the HIPAA guidelines.
  • Contact us with any concerns.

SECURITY

SYSTEM STATUS


SelectSurvey.NET On-Premise Software
  • Ensure that error logging is turned on in admin tools.
  • Verify admin tools settings for forgot password action.
  • Train staff on how to monitor application function via the built-in admin tools.
SelectSurvey.NET Private Cloud SaaS
  • Automatic threat protection.
  • Automatic virus protection.
  • Automatic error logging.
  • Automatic SQL injection checking and logging.
  • Automatic login failure logging.
  • Automatic blocking of multiple failed logins.
  • Automatic XSS script attack logging.

DATA PROTECTION


SelectSurvey.NET On-Premise Software
  • Turn on encryption option in web.config
  • Make sure your database is configured to encrypt data and all backups
  • Ensure admin tools is configured to not display IP addresses
  • Ensure that permissions in SelectSurvey.NET such as survey owners, etc. are on a "need to know" basis.
SelectSurvey.NET Private Cloud SaaS
  • All personal data is anonymized
  • All personal data is encrypted
  • All backups are encrypted
  • All data is private
  • Data is destroyed when no longer used
  • Data breach processes are in place for notifying authorities
  • Utilize the in-app object-level permissions to restrict permissions wherever possible
  • Ensure that permissions in SelectSurvey.NET such as survey owners, etc. are on a "need to know" basis.