Security

Data protection

SmartConsultations will not, under any circumstances, use the information collected from our members' surveys in any way. In addition, any other material you provide us (including images, email addresses, etc.) will be held in the strictest confidence. All data is stored on our UK/EU-based servers. We will not collect personally identifiable information about you except when you provide this information to us on a voluntary basis. We will make every effort to ensure that all information you provide is maintained in a secure environment.

ISO27001 Certification

SmartSurvey, The company behind SmartConsultations, is ISO27001 certified and fully compliant with the internationally recognised standard for the information security management system (ISMS). The standard requires systematic examination of any risks to information security, with comprehensive policies to manage those risks put in place. By continuously updating our data security policies we ensure that we are a proactive organisation, not a reactive one.

Accredited certification to ISO27001 validates that we are following international information security best practices. This demonstrates to our customers worldwide that we take the security of their data very seriously. Certification to ISO27001 ensures that all our client’s information is kept secure and shows our ongoing commitment to delivering an exceptional service.

What is Cyber Security?

With the rapid development in technology, cyber security is critical for the safeguarding of your data. At SmartConsultations we recognise the importance of protecting systems, networks and data in cyber space and are proud to be fully Cyber Essentials Plus certified.

The Cyber Essentials Plus Scheme

Developed by the UK Government, the Cyber Essentials scheme, has been designed to prevent the most prevalent forms of cyber attacks. The Cyber Essentials Plus scheme provides a higher level of assurance, tested by a qualified and independent assessor who simulates basic hacking and phishing attacks and is now a minimum requirement for bidding for some government contracts.

5 key controls required help to protect against internet-based attacks:

• Secure configuration
• Boundary firewalls and Internet gateways
• Access controls and administrative privilege management
• Patch management
• Malware protection

Public and Private Consultations

Access to consultations can be restricted to a list of your choosing, By creating a private consultation, you can control who will be able to view and participate in the consultation, by requiring a login.

Firewall

Our firewall is set up as a separate machine that acts as a gateway for access to all other servers in our system. This firewall is designed to prevent hackers from entering the system and searching files and information. The firewall acts as a barrier so that we only have a single point of entry to our system, which is through the web browser. All of our internal databases and applications are shielded from any access outside the firewall.

McAfee secure

SmartConsultations is tested and certified daily to pass the McAfee Secure Security Scan. To help address concerns about hacker access to confidential data, the "live" McAfee Secure mark appears only when a website meets the McAfee Secure standards. Research indicates sites remotely scanned for known vulnerabilities on a daily basis, such as those earning McAfee Secure certification, can prevent over 99% of hacker crime.

Online security

This website takes every precaution to protect our users' information. When users submit sensitive information via the website, their information is protected both online and offline.

While on a secure page, such as our registration, the lock icon displayed on your web browser becomes locked, as opposed to un-locked (or open) when users are just 'surfing'. While we use SSL encryption to protect sensitive information online, we also do everything in our power to protect user information offline. All of our users' information, not just the sensitive information mentioned above, is restricted in our offices. Only employees who need the information to perform a specific job are granted access to personally identifiable information.

Furthermore, all employees are kept up-to-date on our security and privacy practices every quarter, as well as any time new policies are added. Our employees are notified and/or reminded about the importance we place on privacy and what they can do to ensure our users' information is protected. Finally, the UK/EU-based servers that store personally identifiable information are in a secure environment, in a locked facility. If users have any questions about the security policies and processes in place, users can send an email to [email protected].