Haley Marketing Group Website Hosting Security Statement

Follow

Security Statement

Millions of users have entrusted Haley Marketing Group with their data, and we make it a priority to take our users’ security and privacy concerns seriously. We strive to ensure that user data is kept securely, and that we collect only as much personal data as is required to provide our services to users in an efficient and effective manner.

Application and User Security

  • SSL/TLS Encryption: Users can determine whether to collect survey responses over secured, encrypted SSL/TLS connections. All other communications with the admin.haleymarketing.com and myhaley.haleymarketing.com websites are sent over SSL/TLS connections. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) technology (the successor technology to SSL) protect communications by using both server authentication and data encryption. This ensures that user data in transit is safe, secure, and available only to intended recipients.
  • User Authentication: User data on our database is logically segregated by account-based access rules. User accounts have unique usernames and passwords that must be entered each time a user logs on. Haley Marketing Group issues a session cookie only to record encrypted authentication information for the duration of a specific session. The session cookie does not include the password of the user.
  • User Passwords: Passwords are individually salted and hashed.
  • Data Encryption: Certain sensitive user data, such account passwords, is stored in encrypted format.
  • Data Portability: Haley Marketing Group enables you to export your data from our system in a variety of formats so that you can back it up, or use it with other applications.
  • Privacy: We have a comprehensive privacy policy that provides a very transparent view of how we handle your data, including how we use your data, who we share it with, and how long we retain it.

Physical Security

  • Data Center Security: Our datacenters employ keycard protocols, biometric scanning protocols, and around-the-clock interior and exterior surveillance. Access limited to authorized data center personnel—no one can enter the production area without prior clearance and appropriate escort. Every data center employee undergoes thorough background security checks
  • Environmental Controls: Our data center is maintained at controlled temperatures and humidity ranges which are continuously monitored for variations. Smoke and fire detection and response systems are in place.
  • Location: All user data is stored on servers located in the United States.

Availability

  • Connectivity: Fully redundant IP network connections with multiple independent connections to a range of Tier 1 Internet access providers.
  • Power: Servers have redundant internal and external power supplies. Data center has backup power supplies, and is able to draw power from the multiple substations on the grid, several diesel generators, and backup batteries.
  • Uptime: Continuous uptime monitoring, with immediate escalation to Haley Marketing Group staff for any downtime.
  • Failover: Our database is mirrored to standby servers and can failover in less than an hour.

Network Security

  • Uptime: Continuous uptime monitoring, with immediate escalation to Haley Marketing Group staff for any downtime.
  • Testing: System functionality and design changes are verified in an isolated test “sandbox” environment and subject to functional and security testing prior to deployment to active production systems.
  • Firewall: Firewall restricts access to all ports except 80 (http) and 443 (https).
  • Patching: Latest security patches are applied to all operating system and application files to mitigate newly discovered vulnerabilities.
  • Access Control: Secure VPN, multifactor authentication, and role-based access is enforced for systems management by authorized engineering staff.

Storage Security

  • Backup Frequency: Backups occur daily to a centralized backup system for storage in geographically disparate sites.

Organizational & Administrative Security

  • Training: We provide security and technology use training for employees.
  • Access: Access controls to sensitive data in our databases, systems and environments are set on a need-to-know / least privilege necessary basis.
  • Audit Logging: We maintain and monitor audit logs on our services and systems (our logging systems generate gigabytes of log files each day).
  • Information Security Policies: We maintain internal information security policies, including incident response plans, and regularly review and update them.

Software Development Practices

  • Stack: We code in PHP and Perl and run web services on CentOS Linux Servers using Apache and MySQL.
  • Coding Practices: Our engineers use best practices and industry-standard secure coding guidelines to ensure secure coding.

Handling of Security Breaches

Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if Haley Marketing Group learns of a security breach, we will notify affected users so that they can take appropriate protective steps. Our breach notification procedures are consistent with our obligations under various state and federal laws and regulation, as well as any industry rules or standards that we adhere to. Notification procedures include providing email notices or posting a notice on our website if a breach occurs.

Have more questions? Submit a request

Comments

Powered by Zendesk