ISO 27001 Certified

We are annually audited to conform with the requirements of ISO 27001:2013, covering the information security management system (ISMS) that includes the people, processes, and technology that supports our organization. When it comes to keeping information assets secure, organizations like ours rely on the ISO/IEC 27000.

PCI Compliant

Our systems are externally scanned for vulnerabilities on a quarterly basis by a PCI approved vendor. The Payment Card Industry (PCI) Data Security Standard resulted from a collaboration between Visa and MasterCard to create common industry security requirements. The Payment Card Industry’s Data Security Standards (PCI DSS) requires that all merchants processing credit cards must operate their computer systems and IT equipment in compliance with the DSS.

Third-Party Penetration Tested

Our applications routinely undergoing security ‘penetration testing’ by third-party auditors to ensure the software is adhering to the latest security standards.

Hosted Securely at AWS

We utilize the secure and scalable infrastructure of AWS to host the SureView Operations platform. To ensure application resilience the applications and database services are hosted on redundant systems in multiple AWS availability zones. For more information about security in AWS infrastructure visit AWS Security.

FAQ’s

What Data Center provider do you use?

We utilize the secure and scalable infrastructure of AWS to host the SureView Operations platform. To ensure application resilience the applications and database services are hosted on redundant systems across multiple AWS availability zones within each region. For more information about security in AWS infrastructure visit AWS Security

Where is the data stored?

During the signup process you will be able to choose US (N Virginia) or Ireland (EU) as your data storage location. The data is stored in the chosen region only and is not stored in other regions

What is your security model for user authentication?

User login passwords are checked against a salted, one-way hash and all login attempts are audited (successful and unsuccessful). A user is locked out after 6 unsuccessful attempts (lockout is reset after 30 minutes).

What protection mechanisms and techniques are utilized in your data center?

The database is in a private subnet that is not exposed to the Internet. All servers are hardened to PCI v3.2 standards and are regularly scanned for vulnerabilities by a PCI approved vendor and are 3rd party penetration tested by A-lign.

What happens if a breach occurs? How are incidents handled and how soon will we be notified?

As part of our ISO 27001 certification and in compliance with GDPR we have a policy for breach detection and response.

SureView will notify you immediately following the discovery of any incident that involves or reasonably may involve the unauthorized access, use, disclosure, or loss of any Customer Data or any other suspected breach or compromise of the security, confidentiality, or integrity of any Customer Data.

How is your service protected from disasters?

SureView Operations is hosted on redundant servers across multiple AWS availability zones within the choosen regions.

Who at SureView can access my data and/or account?

Access to the SureView Operations Databases is limited to key, senior Sureview employees only, all of which have had full background checks. 

Support Engineers may request screen-sharing sessions but will not have direct access to login to your SureView Operations account without you proactively granting permissions.

What is GDPR? and How does it affect SureView Operations?

GDPR is a European Union (EU) data protection regulation that is intended to protect personal data. It is a requirement to follow this regulation if your business, your data or your customers/end users are based within the EU.

SureView strictly follows the GDPR regulations as best practices for data protection and ensures that businesses using Sureview Operations have the tools necessary to comply with GPDR.

GDPR: SureView Operations and Browser Cookies

GDPR requires users to consent to the use of non-essential (technical/functional) cookies. Sureview OPS does not use any non-essential cookies.

One essential in-built cookie is used to for SureView user session management and one essential external-cookie is used for the documentation and interactive support for the product (hosted by zendesk.com)

GDPR: What data does SureView Operations store?

SureView Operations is designed to be able to securely store personal data (the details of which are covered in this Security FAQ). Only personal data that is required for effective security monitoring should be stored by users of SureView Operations and should be deleted (see “deleting personal data”) once the information is no longer relevant or necessary.

GDPR: Can you delete personal data? (Right to Erasure)

SureView Operations allows account administrators to permanently personal data. There are clear “delete” buttons against all entries of personal data and once deleted this information is removed from the Database and is not user recoverable.

Please note that deleting information from the live system does not remove it from previous SureView Operations daily Database backups.  These backups are stored securely and permanently deleted after no more than 7 days.

GDPR: Can you export data out of SureView Operations? (Right to Access)

SureView Operations gives the account administrators the ability to locate and export user and contact information if requested by the individual within the “Users” and “Contacts” pages.

The ability to access and view this data is strictly limited based on the individual user permission settings.