• Data Centers: Our information systems infrastructure (servers, networking equipment, etc.) are managed by Amazon AWS who are accredited with SSAE16 Type II SOC1, SOC2 (Security and Availability Only), and SOC3.
• Location: All user data is stored on servers located in Europe (and regulated by EU data protection), and we will notify you in advance of any plans to change this.

• Uptime: The site is continuously monitored for uptime, with immediate escalation to 360 Feedback Manager staff for any downtime. Uptime has been over 99.9% for each of the last 3 years (up to 2018).
• Testing: All updates to the 360 Feedback Manager site are subject to functional and security testing before being pushed to the customer-facing site.
• Penetration testing: We plan to do this test annually - Scheduled for 1st Dec
• Firewall: Firewall restricts access to all ports except a minimal set required by the application.
• Patching: The latest security patches are applied to all operating system and application files to mitigate newly discovered vulnerabilities.
• Access Control: Access to the server is restricted to a small number of staff authenticated over complex passwords which are reset every 3 months. Access to perform any harmful actions is further restricted by role-based rules and complex passwords.
• Logging and Auditing: Central logging systems capture and archive all internal systems access including any failed authentication attempts.
• Anti Virus and Anti Malware: Our system is installed with antivirus and anti malware and network security software which is updated regularly.

• Backup Frequency: Daily full backups of all data. This enables us to restore the site to a state not-more than 24 hour before a major issue occurs.

• Employee Screening: We perform background screening on all employees.
• Service Providers: We screen our service providers and to ensure appropriate confidentiality obligations if they deal with any user data.
• Audit Logging: We maintain and monitor audit logs on our services and systems
• Information Security Policies: We maintain internal information security policies, including incident response plans, and regularly review and update them.

• Stack: The backend of the 360 Feedback Manager site uses Microsoft SQL Server, ASP.NET C# , IIS.
• Coding Practices: Our engineers use best practices and industry-standard secure coding guidelines to ensure secure coding.

Despite best efforts and adhering to best practices, no method of electronic storage is perfectly secure and we cannot guarantee absolute security. In the event of any security breach, we will notify all users via email notifications and/or through notifications on the 360 Feedback Manager site itself.

Keeping your data secure also depends on you ensuring that you maintain the security of your account by using sufficiently complicated passwords and storing them safely. You should also ensure that you have sufficient security on your own systems, such that any survey data you download to your own computer is stored securely and is only seen by the intended parties.

Due to the number of customers that use our service, specific security questions or custom security forms can only be addressed for customers purchasing a large volume of credits within 360 Feedback Manager. If this may be required for your company, you can contact us at support@360FeedbackManager.com.