
SITE SECURITY

CONSULTED makes it a priority to take our users’ security and privacy concerns seriously. We strive to ensure that user data is kept securely, and that we collect only as much personal data as is required to provide our services to users in an efficient and effective manner.

CONSULTED uses some of the most advanced technology for Internet security that is commercially available today. This Security Statement is aimed at being transparent about our security infrastructure and practices, to help reassure you that your data is appropriately protected.

Application and User Security

  • SSL/TLS Encryption: Users can determine whether to collect survey responses over secured, encrypted SSL/TLS connections. All other communications with the CONSULTED.com website are sent over SSL/TLS connections. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) technology (the successor technology to SSL) protect communications by using both server authentication and data encryption. This ensures that user data in transit is safe, secure, and available only to intended recipients.
  • User Authentication: User data on our database is logically segregated by account-based access rules. User accounts have unique usernames and passwords that must be entered each time a user logs on. CONSULTED issues a session cookie only to record encrypted authentication information for the duration of a specific session. The session cookie does not include the password of the user.
  • User Passwords: User application passwords have minimum complexity requirements. Passwords are individually salted and hashed.
  • Data Encryption: Certain sensitive user data, such as credit card details and account passwords, is stored in encrypted format.
  • Data Portability: CONSULTED enables you to export your data from our system in a variety of formats so that you can back it up, or use it with other applications.
  • Privacy: We have a comprehensive privacy policy that provides a very transparent view of how we handle your data, including how we use your data, who we share it with, and how long we retain it.

Physical Security

  • Data Centers: Our information systems infrastructure (servers, networking equipment, etc.) is collocated at third party SSAE 16/SOC 2 audited data centers. We own and manage all of our equipment located in those data centers.
  • Data Center Security: Our data centers are staffed and surveilled 24/7. Access is secured by security guards, visitor logs, and entry requirements such as passcards and biometric recognition. Our equipment is kept in locked cages.
  • Environmental Controls: Our data center is maintained at controlled temperatures and humidity ranges which are continuously monitored for variations. Smoke and fire detection and response systems are in place.
  • Location: All user data is stored on servers located in the United States and Luxembourg.

Availability

  • Connectivity: Fully redundant IP network connections with multiple independent connections to a range of Tier 1 Internet access providers.
  • Power: Servers have redundant internal and external power supplies. Data center has backup power supplies, and is able to draw power from the multiple substations on the grid, several diesel generators, and backup batteries.
  • Uptime: Continuous uptime monitoring, with immediate escalation to CONSULTED staff for any downtime.
  • Failover: Our database is log-shipped to standby servers and can fail over in less than an hour.

Network Security

  • Uptime: Continuous uptime monitoring, with immediate escalation to CONSULTED staff for any downtime.
  • Third Party Scans: Weekly security scans are performed by Qualys.
  • Testing: System functionality and design changes are verified in an isolated test “sandbox” environment and subject to functional and security testing prior to deployment to active production systems.
  • Firewall: Firewall restricts access to all ports except 80 (http) and 443 (https).
  • Patching: Latest security patches are applied to all operating system and application files to mitigate newly discovered vulnerabilities.
  • Access Control: Secure VPN, multifactor authentication, and role-based access is enforced for systems management by authorized engineering staff.
  • Logging and Auditing: Central logging systems capture and archive all internal systems access including any failed authentication attempts.

Storage Security

  • Backup Frequency: Backups occur hourly internally, and daily to a centralized backup system for storage in multiple geographically disparate sites.
  • Production Redundancy: Data stored on a RAID 10 array. O/S stored on a RAID 1 array.

Organizational & Administrative Security

  • Employee Screening: We perform background screening on all employees.
  • Training: We provide security and technology use training for employees.
  • Service Providers: We screen our service providers and bind them under contract to appropriate confidentiality obligations if they deal with any user data.
  • Access: Access controls to sensitive data in our databases, systems and environments are set on a need-to-know / least privilege necessary basis.
  • Audit Logging: We maintain and monitor audit logs on our services and systems (our logging systems generate gigabytes of log files each day).
  • Information Security Policies: We maintain internal information security policies, including incident response plans, and regularly review and update them.

Software Development Practices

  • Stack: We code in Python and C# and run on RHEL, CentOS and Ubuntu Linux servers.
  • Coding Practices: Our engineers use best practices and industry-standard secure coding guidelines to ensure secure coding.

Handling of Security Breaches

Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if CONSULTED learns of a security breach, we will notify affected users so that they can take appropriate protective steps. Our breach notification procedures are consistent with our obligations under various state and federal laws and regulations, as well as any industry rules or standards that we adhere to. Notification procedures include providing email notices or posting a notice on our website if a breach occurs.

Your Responsibilities

Keeping your data secure also depends on you ensuring that you maintain the security of your account by using sufficiently complicated passwords and storing them safely. You should also ensure that you have sufficient security on your own systems, to keep any survey data you download to your own computer away from prying eyes. We offer SSL to secure the transmission of survey responses, but it is your responsibility to ensure that your surveys are configured to use that feature where appropriate.

Custom Requests

Due to the number of customers that use our service, specific security questions or custom security forms can only be addressed for customers purchasing a certain volume of user accounts within a CONSULTED Enterprise subscription. If your company has a large number of potential or existing users and is interested in exploring such arrangements, please CONTACT US.

on Saturday January 10 by Cloud Consulted

YOUR PRIVACY IS RESPECTED AND TAKEN SERIOUSLY AT CONSULTED

CONSULTED has created this privacy policy in order to disclose our information gathering and dissemination practices for this website. Upon reading this privacy policy, you will know:

  • The organization collecting the information from you through the website.
  • What personally identifiable information is collected.
  • How the information is used.
  • With whom the information may be shared.
  • What choices are available to you regarding collection, use, and distribution of the information.
  • The kind of security procedures that are in place to protect against the loss, misuse, or alteration of information under CONSULTED's control.
  • How you can access and correct any inaccuracies in the information collected about you.

Questions regarding this policy should be directed to the CONSULTED website coordinator by emailing info or writing to us at the following address: 


CONSULTED, LLC
Attn: Administrator
300 New Jersey Ave NW
Suite 900
Washington, DC 20011

What Happens to Your Information?

CONSULTED is the sole owner of the information it gathers on its website. CONSULTED will only share your information with outside parties in ways that are described in this privacy policy or if we are required to do so by law or in the good-faith belief that such action is necessary in order to conform to the edicts of the law, cooperate with law enforcement agencies, or comply with a legal process served on our company.


What Information is Collected and How it is Used?

REGISTRATION


Registration may be required in order to access certain areas of the website, such as the support and partner areas. If you choose to register on the website, we will collect contact information such as name, mailing address, email address, phone number, and company information such as company name and website URL. This information is used to provide product support or other services that you may request. The information may also be used to contact you with marketing or promotional information from CONSULTED or our partners. You will have the opportunity to "opt-out" of such contacts when you register.


CONTACT US


We use email links located on the "contact us" page and other areas of the site to allow you to contact us directly with any questions or comments you may have. We read every message sent in and try to reply promptly to everyone. This information is used to respond directly to your questions or comments. We may also file your comments to improve the site or our products and services, or review and discard the information. Your personal information is only shared with third parties with your explicit permission.


LOG FILES


The CONSULTED website logs IP addresses and browser types for systems administration purposes. These logs may be analyzed to improve the value of the materials available on the website. A user's session may be tracked, but the user will be anonymous. We do not link IP addresses to any personally identifiable information.


COOKIES


A cookie is an element of data that a website can send to your browser, which may then be stored on your system. CONSULTED's website may use cookies to better serve you when you return to the site. You can set your browser to notify you before you receive a cookie, giving you the chance to decide whether to accept it. You can also set your browser to turn off cookies. If you do so, however, some areas of some websites may not function properly.

THIRD PARTY SERVICE PROVIDERS


CONSULTED may contract with third parties to assist us in managing certain functions in connection with our website, such as sending out newsletters. CONSULTED will only provide third party service providers with the information necessary to carry out the service. Third party service providers will be contractually prevented from using the information received from CONSULTED for any purpose other than those dictated by CONSULTED.


LINKS


The CONSULTED website may contain links to other websites, such as partner or vendor websites. Please note that the privacy policies of these websites may differ from that of CONSULTED. We encourage you to read the privacy policy of any website you may visit.

Choices Regarding the Use of Your Information

HOW TO UNSUBSCRIBE FROM CONSULTED EMAIL PUBLICATIONS

To unsubscribe from receiving CONSULTED marketing or promotional materials, send an email request to info. Also, if an unsubscribe link appears at the end of an email, when you click on it you will be unsubscribed from such mailings.

HOW TO UPDATE USER INFORMATION

CONSULTED may provide a self-service capability to update your information via the website. Also, you can send an email request to info to update your email address or any other information you have given to CONSULTED.

SECURITY

Protecting your privacy and your information is a top priority at CONSULTED. We have taken measures to prevent the loss, misuse, and alteration of your information. Once we receive information that you have entered into our website, it is stored behind a firewall. All CONSULTED employees are aware of our privacy and security policies. Your information is only accessible to those employees who need it in order to perform their jobs.

NOTIFICATION OF CHANGES

If we are going to use your personally identifiable information in a manner different from that stated at the time of collection through this website, we will notify you via email. You will have a choice as to whether or not we use your information in this different manner. In addition, if we make any material changes in our privacy practices that do not affect user information already collected through our site, we will post a prominent notice on our website notifying users of the change.

PRIVACY POLICY QUESTIONS OR COMPLIANCE

If you have questions about this privacy policy or feel that CONSULTED has not complied with it, please contact the CONSULTED website coordinator by emailing info or writing to us at the following address:


CONSULTED, LLC
Attn: Administrator
300 New Jersey Ave NW, Suite 900
Washington, DC 20001

on Saturday January 10 by Cloud Consulted