The Heartbleed Bug has been a troublesome headline in the news recently. We want to assure you that all servers used by the SurveyGold survey solution are running OpenSSL version 1.0.1g, the most current version of OpenSSL. As a result, our servers are not vulnerable to the Heartbleed Bug which has garnered so much worldwide attention today.
As a reflection of our commitment to protecting the data you entrust to our SurveyGold survey solution, all of our websites comply with PCI Security Standards. Rigorous PCI compliance scans are performed once every three months by a third-party and the results of their findings are described in a SurveyGold PCI Compliance Attestation.
Here is a profile of buyer criteria for institutions considering SurveyGold.
Regarding our reputation, we have been serving a global customer base since 1999. We received a 9.5 out of 10 rating for three years in a row from the independent review site TopTenReviews and also have high ratings from CNET/Download.com where over 50,000 users have downloaded and used our SurveyGold application.
We manage our support services pro-actively and have a high response rate to inquiries, with approximately 50% being responded to in one hour or less. To give you a lens into how widely used our SurveyGold application is, take a look at this representative sample of our customer list.
Regarding our right to change the terms at any time, we have gone on record regarding our view of the data ownership and sacred trust. Simply said, if we blow that promise, we blow our brand. Trust is an essential part of our brand promise.
We also have published website notices specific to SurveyGold software, documents and links as well as general legal notices.
What is the exit strategy for disengaging from the vendor or service to fully delete all data from their service including distributed or back-up copies? How will we be able to recover our data from the vendor, especially in cases where the vendor shuts down.
The SurveyGold solution delivers the data to the SurveyGold application which records it in the SurveyGold database application...all of which reside on the survey author's computer. SurveyGold application users have access to this data forever, even if Golden Hills Software goes out of business. SurveyGold application licenses are perpetual, which means that they never expire, so you will never be locked out of the SurveyGold application.
As part of normal practice, the SurveyGold application provides the ability to backup and restore the SurveyGold database using your own data storage solution (e.g., network folder, USB drive).
So, the bottom line is that the SurveyGold solution puts you in possession of your data.
Proportionality of Safeguards and Encryption of Data
Vendor statement on: privileged user access, data location, data segregation, data ownership, recovery/data availability, return of data, change management, user provisioning and de-provisioning, personnel practices, incident response plans, and investigative/management support.
Statement on encryption. Transmission of data to the vendor site must be encrypted. The data must also be encrypted at the vendor.
Our SurveyGold Online Services services manage, process and track your SurveyGold data. These services are built upon the world-class data center operating environment of our web hosting partner, HostingSource.com.
All of our servers are actively monitored and regularly scanned to be compliant with PCI Security Standards.
Please provide a system architectural diagram as to how your software works. For example, you mention the SurveyGold software on our computer. We need to know more details about any impact of your software on our computer devices and if it interacts with your cloud hosted app, etc.
This conceptual diagram of the SurveyGold solution describes the relevant details:
SurveyGold application - (surveygold.exe) A Windows application that installs on the survey author's computer. It is a stand-alone application that uses HTTP (Port 80) and HTTPS (Port 443) to interact with SurveyGold Online Services. SurveyGold interacts with Microsoft Word, if it is detected on the computer, for the purposes of publishing reports and producing surveys in Word format. There are no other interactions with the SurveyGold application except for the following:
SurveyGold database application - (rteng9.exe) Sybase SQL Anywhere (SSA) is the database application that installs as part of the SurveyGold setup program. SurveyGold employs SSA for the purposes of securely and efficiently managing and tracking survey data.
SurveyGold updater application - (update.exe) This application installs as part of the SurveyGold setup program. SurveyGold uses it to provide software updates.
SurveyGold online services - A set of online services employed by the SurveyGold application and accessible via surveygold.com (IP address: 220.127.116.11), surveygoldcloud.com (IP address: 18.104.22.168) and legacy website surveygoldplus.com (IP address: 22.214.171.124) for the purposes of publishing web surveys, collecting responses, acquiring SurveyGold application updates and other online features.
In light of the recent news and uproar surrounding Instagram's updated terms of service describing their ability to sell photographs that are stored by users on their website, I thought it would be prudent and timely to remind you, our SurveyGold customers, of our position regarding the surveys and survey data that you collect, manage and track through the SurveyGold application and the surveygold.com, surveygoldplus.com and surveygoldcloud.com websites.
My intention in making this statement is not to stir up a hornet's nest of inquiry and suspicion. Rather, my intention it so assure our SurveyGold users around the world that we consider it a sacred trust to process and store your web surveys and survey response data. We will never, ever, ever violate that trust. This is the very foundation of our SurveyGold brand promise to you.
You've created a web survey form using SurveyGold. You've distributed it to your respondents and they are filling out the form in droves. Magically the web survey responses start flowing into your SurveyGold application. All seems well until a thought crosses your mind, "Are my web survey responses being processed securely?"
It's a legitimate question and this article unpacks the details regarding the security of your SurveyGold web survey responses.
Overview: How Web Surveys Work
Before getting into the details of web survey security, it's probably a good idea to review just how your web survey responses are processed. The SurveyGold application is a workstation-based survey authoring and data collection solution. It provides the ability for you to create a web survey form that can be placed on your web site or, more commonly, on a website available our online service.
What the Respondent Does: When a respondent submits responses to your web survey form, those web survey responses are sent securely from the respondent's web browser across the Internet and recorded on the surveygold.com website.
What You Do: Later, when you perform the Update Activity action in your SurveyGold application, those web survey responses are moved securely from the surveygold.com website across the Internet to the SurveyGold application that resides on your computer.
When we say "web survey responses are sent securely" we mean it. Responses are sent across the Internet using Secure Sockets Layer (SSL), the leading Internet encryption technology.
A pictorial overview of web survey form processing is available here.
Why Our Online Service Processes Web Survey Responses
The SurveyGold Online Services platform on the Internet is the behind-the-scenes hub in our web survey processing solution. In contrast to the majority of other web survey solutions, one distinctive aspect of SurveyGold is that it delivers web survey responses to an application on your computer. Here is why our solution is designed this way:
Encrypted Web Survey Responses Have a Secure Stay on Our Online Service
Protecting the privacy of web survey responses submitted via our online service is our highest value. Our servers are actively tested by a third-party for PCI compliance. Web survey responses are encrypted while they are stored on the surveygold.com website. Nothing is done with the responses other than staging them transiently while they await delivery to the SurveyGold application on your computer. As they are downloaded to your computer, they are moved to an archival location on our online service website to serve as a backup and to provide you the ability to share survey responses in real-time with other SurveyGold users via the Shared Responses feature.
No Questions, Only Responses are Recorded on Our Online Service
By the way, the web survey responses that are recorded on surveygold.com are completely encrypted when they come to rest and contain just one thing: responses. There is no contextual question data recorded on our online service.
This is by design so that the only place that responses are correlated to their associated questions is when they responses are downloaded via SurveyGold application to the survey author's computer. Your web survey responses reside in your SurveyGold application database (which is an encrypted file on your computer) after you have collected them into your SurveyGold application. After the responses are downloaded to your computer, they are moved to an archival location on our online service website to serve as a backup and to provide you the ability to share survey responses in real-time with other SurveyGold users via the Shared Responses feature.
As the author of SurveyGold, it's my pleasure to serve and collaborate with the diverse community of SurveyGold survey authors, surveyors and respondents.