ORI's data is securely hosted and managed by a company that has an experienced, close-knit, trusted team of six bound by confidentiality agreements. As a small firm of data collection specialists, ensuring respect for both client and respondent privacy and confidentiality is critical to their livelihood and they take it very seriously. Your collected data is never used for any purpose other than your project goals, and only approved members of your team has access to it.
ORI’s surveys may have open-ended questions, and the respondent may or not reply and may or may not choose to self-identify when asked. This information is part of the report and is displayed as directed by the respondent. Note that the POE Cube displays all information but does not disclose the source.
2. Data Security
Data Hosting: Data is securely hosted in Canada on proprietary servers co-located in locked racks at two sites: Peer1's data centres at Pullman Court in northeast Toronto, Ontario and at 151 Front Street in downtown Toronto. This allows our hosting company to have hands-on access to these servers and full control of these systems rather than going with the current fashion of outsourcing to a cloud provider. They know exactly where the data is and who has access to it.
Backups: All data and files are securely backed up within the same rack and these backups are securely copied to the other site several times a day, where they are stored on a secure backup server until needed. These backups are tested by running random data recovery simulations.
Failover: In the event of a failure of one of the servers, or of an entire Peer1 facility, the DNS records can be quickly updated for both sites and have the backup servers take over. They routinely practice managed failover routines during server migrations. Peer1's reliability has meant they have never needed to actually go to the backup servers due to a data centre outage.
Firewalls: They use their own dedicated hardware firewalls running the robust pfSense software distribution, which allows fine-grained control over network traffic. The system administrator was a Technical Reviewer on the pfSense book (https://pfsense.org/get-support/#documentation) written by the software's authors, and they have an ongoing support relationship with them for on-demand assistance.
Password Strength: All passwords for system users are strong and complex. In many cases, staff passwords have been replaced with secure SSH keys for even greater security.
Physical Separation: Data is stored on a dedicated database server that is not exposed directly to the internet. Our database servers reside "behind" the web servers and do not also run unnecessary services like web or mail servers that would increase their attack surface.
Secure Connections: The servers are administered only over encrypted SSH (Secure Shell) connections on port 22. Only admin staff IP addresses and the racks can even attempt to sign in to the servers... the firewall makes sure the servers are invisible to the rest of the internet on that critical port, and on all unused ports.
Secure Web Access: Applications, surveys, and reporting sites use high-grade SSL encrypted connections using a 4096-bit RSA key. If a given visitor types http:// instead of https:// they are redirected automatically to the secured version of the page rather than allowing the insecure connection.