CANVASS Security Statement
Statement last updated: 7 September 2020
This security statement relates to the ACSPRI hosted survey service “CANVASS” at https://canvass.acspri.org.au
The server hosting this service is hosted by Intergrid on behalf of ACSPRI in the Melbourne - Equinix ME1 Datacentre. This data centre has 24/7 on-site staff, biometric readers, CCTV and auditable access lists. It is also has the following certifications: ISO 27001, PCI DSS, SOC 1 Type II, SOC 2 Type II.
Access to the server is only permitted via secure connectivity (SSH).
Only those who require access to the server are permitted access. ACSPRI requires all employees with access to this service to have completed a confidentiality agreement.
We encrypt your data in transit using secure TLS cryptographic protocols (look for the “lock” in your browser URL bar).
Access to the service is logged and retained for the purposes of reviewing any security incident. Remote monitoring is used to ensure system continuity and notify ACSPRI of any potential service interruptions.
Encrypted backups are stored locally on the server and also in an offsite location within the State of Victoria, Australia. Backups are retained indefinitely. You can also download local backups of your data (“Survey archives”) which are created daily on the service, and can be restored on any installation of LimeSurvey.
The server operating system and applications are regularly updated with vendor supplied security updates.