Data Security Policy

Introduction

The security policy outlined in this document refers specifically to the Eventsforce software application known as “Eventsforce”. All subsequent references to Eventsforce are meant to signify the software application and not the company as a whole. This policy has no application to the Eventsforce mobile applications, including the Eventsforce Mobile App and Eventsforce Kiosk.

Authorisation

Eventsforce is a database-integrated application and therefore holds all events and personal level data within its own database. Data in the database can only be accessed through the Eventsforce web interface or through the Eventsforce API.

Eventsforce uses an isolated multi-tenant architecture, where data for each client is stored in its own separate database, but several clients will share a server. It is not possible to run a query across multiple databases. This design ensures robust segregation of data from different clients.

Access to Eventsforce can be controlled either via username and password authentication, or by using an external authentication service (e.g. through Active Directory using ADFS and SAML2). Role-based access control allows individual users to be restricted to particular functions or particular events.

Users and roles are managed by the customer.

Encryption

All traffic between Eventsforce servers and client browsers is sent using HTTPS (TLS 1.1 or higher). This ensures the highest level of security when viewing and entering data on a web page.

Client data is encrypted at rest using AES-256 encryption.

Tape backups are encrypted by our hosting providers (Rackspace) using AES-256-GCM encryption.

Rackspace manage the encryption keys on behalf of Eventsforce

Data Protection

Please refer to our Privacy and Security Policy, available online at https://www.eventsforce.com/privacy-policy or at or such other website address as may be notified by us from time to time.

Physical Security

Eventsforce provides a hosted and managed service for customers. The Eventsforce servers are hosted at a Rackspace data centre in the UK. Backups are stored offsite at a facility managed by Iron Mountain.

Rackspace holds ISO 27001:2005 (Information Security) and ISAE 3402 certification for its UK data centre and is approved by Visa as a Compliant Level 1 Payment Card Industry (PCI) Service Provider:

Only authorised Rackspace employees have physical access to our servers.

Iron Mountain maintains SysTrust Certification and PCI Compliance:

Eventsforce will not move hosting outside the UK or to a hosting provider without ISO27001 certification without prior approval from customers.

Penetration Testing

We use external consultants to run a penetration test against the Eventsforce application at least annually. Any critical or high severity issues found are given the highest priority for development and rectified as soon as possible. We also welcome penetration tests from customers.

We use Alert Logic for intrusion detection (Threat Manager) and log analysis (Log Manager). These are monitored and managed 24/7 by Alert Logic and Rackspace.

We run an automated vulnerability scan at least quarterly.

PCI-DSS Compliance

Eventsforce supports a number of different Payment Card Industry Data Security Standard (“PCI-DSS”) compliant gateways for handling card payments. These gateways all use hosted payment pages – card data is only processed by the payment gateway and is never stored or processed directly by the Eventsforce application.

Outsourcing all payment processing simplifies PCI-DSS for clients and allows Eventsforce to support a PCI-DSS compliant process.

We perform a PCI-DSS service provider self-assessment at least once a year, to monitor and ensure our continuing compliance with the PCI-DSS.

Disaster Recovery

Eventsforce uses a multi-level backup strategy to ensure a high level of security. Identical copies of all data are stored at two locations in the UK (Rackspace and Iron Mountain).

Each customer database is held in a separate file. All customer data is backed up to a tape archive every night. The tapes are stored offsite in a secure location and rotated every four weeks. Tape backups are encrypted by Rackspace using AES256-GCM encryption. Rackspace manage the encryption keys on behalf of Eventsforce.

The Eventsforce database servers use RAID 10 to provide resilience. Failure of a single drive will not cause any downtime, failed drives are normally replaced within 30 minutes.

In the event of major hardware failure on a database server, we will switch to the warm standby server which contains a near real-time copy of the live servers. Switchover typically takes less than one hour.

In the very unlikely event that the warm standby server has also failed, the server will be rebuilt from the last backup. This may take several days.

The Eventsforce web servers have multiple redundancy – failure of a single server will not cause any downtime.

If any other network hardware fails, it is normally replaced within one hour.

Our overall RTO is 4 hours, with a RPO of 24 hours.

All emails are stored for 6 months. Emails are then moved to secondary media for at least an additional 6 months.

Incident Management

Any Eventsforce employee that discovers or suspects that a security incident has happened must report the incident to both their manager and to a company director immediately. Security incidents may include:

  • Unauthorised access to any Eventsforce system
  • Disclosure of protected data, including paper disclosure, e-mail release or inadvertent posting of data on a web site
  • Viruses, worms and trojan horses
  • Denial-of-service or any other attack on any Eventsforce system
  • A breach involving cardholder data

The director will coordinate the response to the incident, involving other employees as required. The response may include:

  • An immediate resolution to the incident (e.g. temporarily disabling an account or server)
  • Informing affected customers
  • Informing the police if a criminal offence is suspected
  • Product or process changes to avoid future incidents of this kind