Data Access & Security
CASO SURVEY SERVICES is SOC II compliant and maintains a secure, independent network for survey projects and client data.
Authorized Access to Data Servers
Our Survey Services domain servers are behind a hardware firewall, which ensures that there is no outside access and extremely limited internal access (administrator only) from CASO SURVEY SERVICES’s internal domain. Our secure FTP (SFTP) server provides a place where files can be securely and quickly exchanged. It requires the use of trusted encryption schemes for all connecting clients. All outgoing data is sent directly from behind our firewall with the preferred client protocol. Our SFTP server folders are continuously monitored by a transaction manager that moves, and if necessary decrypts, incoming files to an appropriate protected location behind our firewall; the original file is then deleted.
Restricted Access to Data via Computer
Computer access to data of any kind is restricted by login. Levels of access are controlled by security settings. For example, an operator with only viewing needs will not be given appending rights, and so on. Authenticated users are subject to a password policy, which requires all users to maintain passwords that meet minimum security requirements and provides them with access to only the specific data for which they are authorized. CASO SURVEY SERVICES enforces a strict requirement that users change their passwords on a regular basis.
Data Encryption
For additional security, CASO SURVEY SERVICES encourages the use of a minimum of 128-bit PGP encryption for transferred files. For web applications containing sensitive data, CASO SURVEY SERVICES utilizes Secure Sockets Layer (SSL) protection, which means that all incoming and outgoing information traveling via the internet is encrypted and secured in both directions.
Controlled Physical Access to Production Areas
Access to CASO SURVEY SERVICES’s operation areas is strictly monitored, controlled, and enforced. Only authorized personnel are allowed into the areas of operation in order to protect the sensitive nature of the information involved. Unauthorized personnel are required to sign in/out and must be accompanied by an authorized escort. CASO SURVEY SERVICES provides secured storage for paper-based documents.
Retention of Clients’ Digital Data
Clients’ data are retained for 90 days following project completion. If the client requests extended storage, data are transferred to optical media and kept in a sealed, fireproof safe. When optical media are disposed of, they are shredded before being placed in common trash containers.
Backups
To ensure that client data are not lost, CASO SURVEY SERVICES follows a thorough backup procedure on all servers and computers. We use Microsoft’s Azure platform to back up and set retention on server and production data. Depending on the data and the client’s needs, we generally keep data for two weeks, with backups of the database occurring every 15 minutes and restore points for the file data being created three times daily. In addition, full backups are run nightly and weekly, and retained for one month.
Document Destruction
Depending on the client’s requirements, forms and documents can be destroyed on- or off-site, and paper can be recycled. Documented proof of destruction and videotaped proof are available upon client request.