Data Security Policy
The security policy outlined in this document refers specifically to the Eventsforce software application known as “Eventsforce”. All subsequent references to Eventsforce are meant to signify the software application and not the company as a whole. This policy has no application to additional Eventsforce products including the Eventsforce Mobile App, Eventsforce Kiosk & Eventsforce Virtual Content Delivery which are managed by separate policies where applicable.
Eventsforce is a database-integrated application and therefore holds all events and personal level data within its own database. Data in the database can only be accessed through the Eventsforce web interface or through the Eventsforce API.
Eventsforce uses an isolated multi-tenant architecture, where data for each client is stored in its own separate database, but several clients will share a server. It is not possible to run a query across multiple databases. This design ensures robust segregation of data from different clients.
Access to Eventsforce can be controlled either via username and password authentication, or by using an external authentication service (e.g. through Active Directory using ADFS and SAML2). Role-based access control allows individual users to be restricted to particular functions or particular events.
Users and roles are managed by the customer.
All traffic between Eventsforce servers and client browsers is sent using HTTPS (TLS 1.2 or higher). This ensures the highest level of security when viewing and entering data on a web page.
Client data is encrypted at rest using AES-256 encryption.
Please refer to our Privacy and Security Policy, available online at https://www.eventsforce.com/privacy-policy or at or such other website address as may be notified by us from time to time.
UK hosted clients: Alert Logic (via Rackspace) is used for intrusion detection (Threat Manager).
EU hosted clients: Amazon AWS Web Application Firewall (WAF) is used to protect the environment along with basic DDoS protection provided via the AWS Shield Standard service.
Eventsforce will not move each customers hosting outside of the UK (for UK hosted clients) or outside of the EU (for EU hosted clients) without prior approval from customers.
Eventsforce provides a hosted and managed service for customers.
UK hosted clients: Eventsforce servers are hosted at Rackspace data centres in the UK.
EU hosted clients: Eventsforce servers are hosted at Amazon AWS data centres in Frankfurt.
Rackspace and Amazon AWS both hold ISO 27001 certification and is approved by Visa as a Compliant Level 1 Payment Card Industry (PCI) Service Provider:
External consultants run a penetration test against the Eventsforce application at least annually. Any critical or high severity issues found are given the highest priority for development and rectified as soon as possible.
An automated vulnerability scan runs at least quarterly.
Eventsforce supports a number of different Payment Card Industry Data Security Standard (“PCI-DSS”) compliant gateways for handling card payments. These gateways all use hosted payment pages – card data is only processed by the payment gateway and is never stored or processed directly by the Eventsforce application.
Outsourcing all payment processing simplifies PCI-DSS for clients and allows Eventsforce to support a PCI-DSS compliant process.
We perform a PCI-DSS service provider self-assessment at least once a year, to monitor and ensure our continuing compliance with the PCI-DSS.
Eventsforce uses a multi-level backup strategy to ensure a high level of security. Identical copies of all data are stored at two locations in the UK.
Each customer database is held in a separate file.
UK hosted clients: Backups are encrypted by our hosting providers (Rackspace) using AES-256-GCM encryption. Rackspace manage the encryption keys on behalf of Eventsforce
EU hosted clients: Backups are stored encrypted with AES-256 and Amazon AWS manages the encryption keys.
The Eventsforce database servers use RAID 10 to provide resilience. Failure of a single drive will not cause any downtime, failed drives are normally replaced within 30 minutes.
In the event of major hardware failure on a database server, we will switch to the warm standby server which contains a near real-time copy of the live servers. Switchover typically takes less than one hour.
In the very unlikely event that the warm standby server has also failed, the server will be rebuilt from the last backup. This may take several days.
The Eventsforce web servers have multiple redundancy – failure of a single server will not cause any downtime.
If any other network hardware fails, it is normally replaced within one hour.
Our overall RTO is 4 hours, with a RPO of 24 hours.
All emails and log files are stored for 12 months and then deleted (log files may be retained a bit longer for some services).
Any Eventsforce employee that discovers or suspects that a security incident has happened must report the incident to both their manager and to a company director immediately. Security incidents may include:
- Unauthorised access to any Eventsforce system
- Disclosure of protected data, including paper disclosure, e-mail release or inadvertent posting of data on a web site
- Viruses, worms and trojan horses
- Denial-of-service or any other attack on any Eventsforce system
- A breach involving cardholder data
The director will coordinate the response to the incident, involving other employees as required. The response may include:
- An immediate resolution to the incident (e.g. temporarily disabling an account or server)
- Informing affected customers
- Informing the police if a criminal offence is suspected
- Product or process changes to avoid future incidents of this kind
- Amazon AWS