Security
At Enalyzer we do our utmost to keep our customers' data safe and our web-based survey systems accessible at any time. Therefore we have engaged with Microsoft Azure, whose cloud infrastructure supports over 1 billion customers across enterprise and consumer services in 140 countries and is backed by Microsoft's $15 billion (USD) investment in global data center infrastructure. Hence, as an Enalyzer customer, you get what you should expect from a high-end web app provider: top system performance, availability, and security at best-practice levels within the industry.
In the following sections, we highlight the main points of our security. Since we are completely transparent, you can also dig deeper and learn more about our security measures by following the relevant links.
Enalyzer is also independently audited, based on the ISO27001/2700 standard, to ensure that we provide an appropriate technical and organizational set-up.
You can access the yearly ISAE 3402 Type 2 assurance report here
Steen Ødegaard, Enalyzer CTO and Co-founder
Platform security
Enalyzer is hosted at two separate EU-based data centers in Amsterdam (Netherlands) and Dublin (Ireland). Uptime is guaranteed at 99,9%. These data centers comply with premium industry standards, such as ISO 27001, and undergo continuous external auditing. Each facility is designed to run 24x7x365 and employs various measures to help protect operations from power failures, physical intrusion, and network outages.
Enalyzer also offers a variety of options to distribute e-mails, if needed, ranging from our own servers to the third-party vendors Mailjet (hosted in the EU) and Sendgrid (hosted in the USA). They both have a high security and compliance level. For additional compliance info, please visit Mailjet and Sendgrid.
Location details on sub-processors can be found in the Data Processing Agreement here
Azure networking provides the infrastructure necessary to securely connect virtual servers to one another and to connect on-site datacenters with Azure servers. Azure blocks unauthorized traffic to and within the datacenters by using a variety of technologies such as firewalls, partitioned local area networks, and the physical separation of back-end servers from public-facing interfaces.
Enalyzer encrypts data and safeguards customer data. Enalyzer encrypts data in storage and in transit to align with best practices for protecting confidentiality and data integrity. In order to protect customers against online threats, the platform uses Antimalware for cloud services and virtual machines and uses detection and mitigation techniques to protect against DDoS attacks.
Centralized monitoring and analysis systems provide continuous visibility and timely alerts to the teams that manage the service. There are rigid controls that restrict access to Azure by Microsoft employees. Accordingly, Enalyzer also has strict internal procedures describing who from Enalyzer can access the Azure platform, and when the Azure platform can be accessed.
Microsoft undertakes regular penetration testing to improve Azure security controls and processes.
Product security
Enalyzer systems are delivered as SaaS systems and can be accessed through any modern web browser. All users have separate usernames and passwords. Multiple failed sign-in attempts to the same account result in a temporary lockout; the account is automatically reactivated after 5 minutes. Simultaneously, the account user is informed by email about the failed sign-in attempts. After multiple failed login attempts from the same IP address, the sign-in process is additionally protected by Captcha security technology.
All sign-in and password information sent to the application is encrypted. Passwords are stored as hash values. All data sessions between the user and Enalyzer, within the application, are encrypted. Data collected from respondents is encrypted by default. Communication to the application from Enalyzer system administrators and developers is encrypted using VPN, and communication to the Azure servers is only available from the Enalyzer office.
On the servers, all internet traffic is logged. All operations can be identified by a security token that can be traced back to the individual user. For applications, all critical operations are logged. Each log contains information about who did what and when. The log is available to the system's administrative users.
The Enalyzer support team can only access an Enalyzer user account if the user has granted them access.
Find more information about security
Privacy protection
Our commitment to the privacy of our customer data is backed by Microsoft’s adoption of the world’s first international code of practice for cloud privacy, ISO/IEC 27018. The British Standards Institute has independently verified that Azure is aligned with the ISO 27018 code of practice for the protection of personally identifiable information in the public cloud. Data is stored in the EU (Netherlands and Ireland) and Microsoft has undertaken contractual privacy commitments that help assure that privacy protections in the Azure platform are strong. Among the many commitments supported are:
- EU Model Clauses. EU data protection law regulates the transfer of EU customer personal data to countries outside the European Economic Area. Europe’s privacy regulators have determined that the contractual privacy protection Azure delivers meets current EU standards for international transfers of data.
- ISO/IEC 27018, which was developed to establish a uniform, international approach to protecting the privacy of personal data stored in the cloud.
- Enalyzer’s own Privacy Policy also describes actions taken towards safeguarding privacy.
Find more information about privacy protection
Compliance
Our platform meets a broad set of international and industry-specific compliance standards, such as ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2, as well as country-specific standards including Australia CCSL, UK G-Cloud, and Singapore MTCS. Rigorous third-party audits verify Azure’s adherence to the strict security controls these standards mandate. As part of our commitment to transparency, you can verify our implementation of many security controls by requesting audit results from the certifying third parties, or through your Enalyzer account representative.
Find more information about compliance