Training offer: 33% off our 1-day Analyzing Results training course Learn more →
Improve your expertise - Book your webinar place now →
Rated 'A' on Security Scorecard
View latest updates →

Snap Surveys Security & Compliance Program

At Snap Surveys we put our customers first, making the confidentiality, integrity, and availability of their information a constant priority. Our security programme is robust, comprehensive, and under continual review, evolving as standards change and new technologies emerge.

global security

Certifications and Compliance

ISO 27001

Snap Surveys has been certified to ISO 27001 since 2013. This internationally recognised gold standard for information security management systems shows compliance with various regulatory acts, including HIPAA, GLBA, and SOX in the US.

Cyber Essentials Certified Plus

Cyber Essentials Plus

UK government-backed scheme showing a commitment to cyber security and protection against common online threats.

NHS

NHS Digital Toolkit

Snap Surveys meets the required standards, providing assurance of commitment to good data security and the protection of personal information.

Security Scorecard

Snap Surveys is rated ‘A’ by Security Scorecard, which rates an organisation’s commitment to cybersecurity based on 10 factors.

Data Hosting & Control

We understand that data location is an important consideration. Snap Surveys offers flexible options to meet your data residency requirements.

[icon]

Dedicated Servers

You may choose to have your data hosted on dedicated UK (ANS Group) or US-based servers (Microsoft Azure), both of which are ISO 27001 certified. Please speak to us if you want your data stored outside of the UK and US.

[icon]

Self-Hosted Solution

Want more control? Install the Snap Surveys survey platform on your own servers. This is particularly useful for meeting strict compliance requirements like HIPAA.

Security Policies and Procedures

[icon]

Personnel

Staff undergo a comprehensive pre-employment screening and are contractually bound to confidentiality and data protection clauses. Information security training is part of a structured induction and ongoing training program.

[icon]

Audits

The security program is monitored through a system of rolling internal audits and annual external audits.

Technical Security Measures

data security icon

Data Transmission and Application Security

  • Secure Delivery: Secure (HTTPS), encrypted questionnaire and report delivery is a standard feature on all accounts.
  • Data at Rest: Data is encrypted at rest to ensure total security even when not in use.
  • Secure Coding: Applications are developed using best practices and secure coding methodologies that align with OWASP.
  • Vulnerability Scanning: Permanent malware scanning and regular vulnerability scans.
  • Backups: Daily backups to ensure data can be recovered.
  • Penetration Testing: Third-party penetration tests are carried out at least annually.
2FA icon

Product and Account Security

  • Authentication: Customers manage access with unique usernames and securely hashed passwords. Multi-Factor Authentication (MFA) is available.
  • Single Sign-On (SSO): SSO is available to provide streamlined and secure access for users.
  • Access Control: Access to systems is restricted to authorised personnel based on job function and role.
  • Data Portability: Customers can download or export their data in multiple formats for use in other applications or for backup.
  • User permissions: Set user permissions to control the data your team and clients can access.
accessibility icon

Accessibility

Surveys should be accessible to everyone – therefore your platform is designed to help you create surveys that are compliant with accessibility standards.

  • WCAG and Section 508: Snap Surveys web questionnaires are compliant with WCAG (Web Content Accessibility Guidelines) and US Section 508 requirements.
warning icon

Monitoring and Incident Response

Surveys should be accessible to everyone – therefore your platform is designed to help you create surveys that are compliant with accessibility standards.

  • Continuous Monitoring: Our systems are constantly monitored by Snap Surveys staff, with a team on call 24/7 to respond to alerts.
  • Incident Management: Incident management, business continuity, and disaster recovery plans are maintained, tested, and reviewed regularly. In the event of a security incident, we will communicate with customers according to those plans.

More on GDPR and US Data Protection laws

Snap Surveys’ key security standard is ISO 27001, an internationally recognised gold standard for information security management systems. This standard helps the company comply with various regulations worldwide.

Snap Surveys holds the following certifications:

  • ISO 27001: Certified since 2013, demonstrating a commitment to international information security best practices.
  • Cyber Essentials Plus: A UK government-backed scheme to protect against common cyber threats.
  • NHS Digital Toolkit: Meets the standards for good data security and the protection of personal information.
  • Security Scorecard ‘A’ Rating: Achieved an ‘A’ rating based on a comprehensive evaluation of cybersecurity practices.

Snap Surveys offers flexible data hosting options, including dedicated UK or US-based servers at Microsoft Azure and ANS Group. You also have the option to install the survey management system on your own servers for full control.

All data is secured using encryption.

  • In-transit: Data is protected using HTTPS and TLS encryption.
  • At rest: Data is encrypted when stored on servers to ensure its security.

Yes, Single Sign-On (SSO) is available to provide streamlined and secure access for users.

Application security is ensured through a multi-layered approach that includes:

  • Secure coding practices that align with OWASP standards.
  • Regular, permanent malware and vulnerability scanning.
  • Timely application of the latest security updates and patches.
  • Annual third-party penetration tests.

Physical security is handled by our data centre hosting providers, who implement measures such as:

  • Physical access controls to prevent unauthorised site access.
  • Redundant power and HVAC systems.
  • Advanced fire suppression systems.

Snap Surveys has well-defined incident management, business continuity, and disaster recovery plans. These plans are regularly tested and reviewed. In the unlikely event of a security incident, customers will be notified in accordance with these plans.

Yes, Snap Surveys is committed to accessibility. Our web questionnaires are compliant with WCAG and US Section 508 requirements.

Snap Surveys staff undergo comprehensive pre-employment checks. Our employees are contractually bound to confidentiality and receive continuous information security training

Yes, please click here to see the details.