4.4 Privacy, security, data integrity, and high availability services: policies and processes

1. Objectives

  • Ensure confidentiality, and protection of privacy and security of client and user data
  • Maintain integrity of data and ensure availability of backups
  • Ensure high-availability services
  • Implement online security best practices


2. Privacy and security

In order to assure subscribers and respondents that their data is secure and maintained in strict confidence, the following are the minimum Confidentiality and Security Policies adopted by futureInnovate / BenchmarkAction™ (BAI) to be reflected in service agreements and agreed to on registration by all users:

  • All collaborating organizations involved in marketing, delivering, and providing technical support for Services hosted on the futureInnovate / BAI Platforms must agree to the terms of this policy.
  • The confidentiality of all subscriber and respondent data collected in connection with the offerings of Services will be afforded the same level of protection as futureInnovate and BAI provide for their own confidential data.
  • Neither futureInnovate nor BAI nor any other Party will disclose subscriber or respondent data collected in connection with the Services to any third party except as part of aggregate comparative benchmarking data or metadata, or as required to comply with legally-enforced requirements of relevant jurisdictions.
  • Segmented data and metadata will be made available only when there is a sufficient number of organizations in a segment or metadata category to ensure that benchmarking data or metadata included in reports cannot reasonably be identified with an individual entity.
  • All subscriber and respondent communications with any server used to support the Services are encrypted using SSL technology. The servers on which subscriber and respondent data resides are maintained in access-controlled facilities, and are protected against unauthorized access using such reasonable techniques as are appropriate to protect confidential commercial data while still ensuring access for authorized users, including the use of user passwords, monitoring of excessive failed logins, use of both software-based and hardware-based firewalls, and other standard online security techniques.
  • Given the inherent limitations of any Service delivered over the public internet, however, Subscriber Agreements must contain disclaimers and clauses that limit the liability of futureInnovate, BenchmarkAction Inc. and associated corporations and individuals from potential liabilities arising in connection with provision of the Services, including potential liabilities that might arise from any breaches of this security policy other than willful breaches of confidentiality.

3. Data Integrity

In order to ensure data integrity:

  • All data in the main futureInnovate / BAI database is continuously replicated to a remote off-site backup MySQL database over an encrypted connection, using the data replication capabilities of MySQL.
  • Main server hard drives are configured as a redundant array (RAID), the integrity of which is continuously monitored.
  • Main server hard drives are fully backed up daily to both a local backup drive and a remote backup drive in an off-site location.

4. High availability

  • futureInnovate / BAI’s main servers are hosted at 151 Front Street in Toronto with Peer1, one of Canada’s leading co-hosting providers, offering a secure co-location facility with controlled access, redundant bandwidth, and backup power supplies. For additional information about Peer1, visit http://peer1.com
  • futureInnovate / BAI also maintains a remote backup server in secure access-controlled facilities in Cobourg, Ontario.
  • All futureInnovate / BAI machines are continuously monitored by a remote Nagios installation that tests network connectivity and the availability of key services every few minutes, and pages a BAI representative within minutes of any service interruption. Nagios is a widely-used open-source platform for IT infrastructure monitoring. (See nagios.org)
  • Unusual system events or Java exceptions generate an email which is sent to futureInnovate / BAI technical staff.
  • Up-to-date source code is maintained in multiple secure locations and backed up regularly.
  • The server has the capacity to manage hundreds of simultaneous users.

5. Summary of futureInnovate / BAI security practices

  • Users must access the main servers via an encrypted SSL connection. This minimizes the possibility of eavesdropping.
  • All users must log in using a userId and password.
  • Users are granted access only to services for which they have a valid subscription. All subscriptions auto-expire within 12 months or less and must be renewed.
  • Servers are configured to notify an administrator after five successive login failures.
  • All ports on servers are closed by a firewall unless specifically opened.
  • All server interactions are controlled through the JBoss session security mechanism, which tests for a valid session and forces a login if the session is invalid. Sessions automatically time out after 30 minutes of inactivity.
  • Documents uploaded to the server are assigned a randomly-generated UUID or timestamp as part of the filename, to ensure that filenames are unique and secure. File paths to uploaded documents are suppressed in downloadable PDF documents.
  • Access to view the contents of directories on the server is prohibited.
  • SSH access to the server requires public key authentication by an authorized admin user.
  • Servers and remote backup servers are maintained in access-controlled facilities.
  • futureInnovate / BAI accounts do not provide access to the underlying operating system. User accounts with access to the operating system on servers are kept to a minimum.
  • Operating system security updates are applied on a regular basis.
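The "five successive login failures" notification above is the kind of check that is easy to state and easy to get wrong (counting failures across a successful login, or alerting on every attempt once the threshold is passed). The following is an added illustration, not futureInnovate / BAI code: it runs over constructed log lines in an assumed `<ts> login user=<userId> result=<success|failure>` format, counts failures per user, resets the count on a success, and raises one alert per run of five.

```python
# Flag five successive failed logins per account (added example, not BAI code).
# Assumed log format (constructed): "<ts> login user=<userId> result=<success|failure>"
import re
from collections import defaultdict

THRESHOLD = 5  # the page's trigger: five successive login failures
LINE_RE = re.compile(r"^(?P<ts>\S+) login user=(?P<user>\S+) result=(?P<result>success|failure)$")
# Constructed sample: alice fails twice, succeeds (counter resets), fails once more;
# bob and mallory reach five successive failures; mallory keeps failing afterwards.
SAMPLE_LOG = """\
2024-01-01T09:00:00 login user=alice result=failure
2024-01-01T09:00:05 login user=alice result=failure
2024-01-01T09:00:08 login user=bob result=failure
2024-01-01T09:00:10 login user=alice result=success
2024-01-01T09:00:20 login user=bob result=failure
2024-01-01T09:00:22 login user=alice result=failure
2024-01-01T09:00:25 login user=bob result=failure
2024-01-01T09:00:30 login user=bob result=failure
2024-01-01T09:00:33 login user=bob result=failure
2024-01-01T09:00:40 login user=mallory result=failure
2024-01-01T09:00:41 login user=mallory result=failure
2024-01-01T09:00:42 login user=mallory result=failure
2024-01-01T09:00:43 login user=mallory result=failure
2024-01-01T09:00:44 login user=mallory result=failure
2024-01-01T09:00:45 login user=mallory result=failure
not a login record at all
"""

def parse_line(line):
    """Return (ts, user, result), or None for lines not in the assumed format."""
    m = LINE_RE.match(line.strip())
    return (m.group("ts"), m.group("user"), m.group("result")) if m else None

def find_lockout_alerts(lines, threshold=THRESHOLD):
    """Return [(user, ts)] when a user reaches `threshold` successive failures.
    A success resets that user's counter; the alert fires once per run, so a
    sustained attack does not page the administrator on every further attempt."""
    streak = defaultdict(int)
    alerts = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # ignore malformed or unrelated lines instead of crashing
        ts, user, result = parsed
        if result == "success":
            streak[user] = 0  # counter resets: failures are no longer successive
            continue
        streak[user] += 1
        if streak[user] == threshold:
            alerts.append((user, ts))
    return alerts
```

Run over the sample, only bob and mallory produce an alert, each exactly once, while alice's interrupted run of failures does not.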
