We know your data is extremely important to you and your business. This resource outlines safeguards, supporting documentation, and compliance links when formal certifications or attestations may be required.
The Vurvey infrastructure is architected to be an enterprise-ready, secure, and high-performance SaaS environment to provide a scalable place for companies to co-create together with their customers. In addition to the security provided by the Vurvey hosting environment, there are additional security measures built into the platform including:
Single sign-on (SSO)
Two-factor authentication (2FA)
Sophisticated user permissions
Activity stream (for audits)
History of all changes (for audits)
Passcodes to secure surveys and presentations
Data encryption at rest
Encryption and Access
We encrypt communication between customers, creators, and our data centers through strong encryption. Every login and in-app page in Vurvey are secured through SSL. All data is encrypted at rest using AES-256 encryption. In addition, we employ a dedicated network service and firewall to block unauthorized access. In addition to encryption, we enforce access controls for all employees. Vurvey employees are not able to access customer or creator data, unless specifically authorized to do so for support.
Data Compliance
The Vurvey cloud infrastructure is housed in Google data centers. This level of data center security allows Vurvey to be compliant with the highest industry standards.
ISO/IEC 27001: ISO 27001 provides the requirements for an information security management system (ISMS), specifies a set of best practices, and details the security controls that can help manage information risks. [View report]
ISO/IEC 27017:2015: ISO 27017:2015 provides guidelines for information security controls applicable to the provision and use of cloud services. [View report]
ISO/IEC 27018: ISO 27018 focuses on privacy and security controls for public-cloud service providers that process personally identifiable information (PII). [View report]
SOC 3: The SOC report has been developed based on the Auditing Standards Board of the American Institute of Certified Public Accountants’ (AICPA) Trust Service Criteria (TSC). The SOC 3 is a public report of internal controls over security, availability, processing integrity, and confidentiality. [View report]
CSA Star: CSA Level 1 is the CSA’s Security, Trust, and Assurance Registry Program (CSA STAR) is designed to help customers assess and select a cloud service provider. This CSA STAR Level 1 – Customer Assessment Initiative Questionnaire (CAIQ) is a self-assessment that evaluates a cloud provider against CSA’s Cloud Control Matrix. [View assessment]
All Vurvey customers can access our enterprise Trust Center, powered by Vanta.com, that includes detailed controls, third-party audits, and supporting documentation for security and compliance. To gain access, please visit https://trust.vurvey.com