Security of Data and Information
Symmetric understands the supreme importance of protecting clients’ confidential information and data.
Confidential information and data are located at Symmetric’s headquarters in Arlington, Texas, and at a secure
cohosting facility offsite. Both facilities are fully protected by multiple layers of safeguards. All data transmitted
between the two sites are encrypted at the very highest level. Load-balanced pairs of servers are utilized for
critical functions, and these servers are equipped with redundant components. A summary of security policies,
processes, and procedures is outlined below.
Symmetric is ISO 27001:2022 Certified
Scope Statement for Our Certification:
The Information Security Management System is designed to protect Symmetric’s physical and digital information assets. This includes the management of Symmetric-owned surveys, websites, internal infrastructure (data, facilities, computers, servers), external web applications, and the processes necessary to deliver market research services to its clients.
Policies, Standards, and Training
- Information security policies and standards are reviewed semiannually by the Security Committee and are documented in Symmetric’s manuals and in the Employee Handbook.
- References for new employees are carefully checked by Human Resources.
- Security training is provided to employees on a regular basis.
- The information security program is approved by the Chief Executive Officer, and it is monitored by the Network Security Administrator, Physical Security Manager, Human Resources Manager, and all department managers.
Legal and Compliance
- Symmetric is a participant in the Better Business Bureau (BBB) Reliability Seal program.
- Our parent company, Decision Analyst, was the first U.S. research company to be approved under the Safe Harbor Agreement (the precursor to the EU Privacy Shield) between the U.S. and the European Union. The current agreement that governs the transfer of personally identifiable data between the European Union and the U.S. is called the EU Privacy Shield. Symmetric complies with the EU-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries.
- Symmetric is in compliance with the European Union General Data Protection Regulation (GDPR) created and enacted by the European Parliament and European Council.
- Symmetric is an active and supportive member of the Insights Association (formerly CASRO and the MRA) and fully subscribes to the Insights Association's quality standards, privacy protection program, and security safeguards.
- Symmetric continually works on maintaining email safe listing. This ensures that Symmetric’s email traffic is not blocked by any ISPs.
Authorization and Access Control
- Unique IDs and complex passwords are required for employees to log on to the Symmetric network. Digital IDs acquired through VeriSign are used to verify identity and to encrypt email, as needed.
- Access to a client’s confidential information is restricted to employees who have a need to know. No one else is permitted to access this data.
- Access to Symmetric’s computer systems is granted or revoked by network administrators in response to requests from Human Resources and/or department managers.
- A Virtual Private Network (VPN) and MFA technologies are utilized for employees authorized for remote access to the Symmetric network and data.
- The Information Technology Department sets procedures and policies to ensure that remote computers accessing the Symmetric network maintain absolute security.
Confidentiality
- All client and respondent information is classified, confidential, and protected.
- All Symmetric employees must sign and adhere to ironclad Nondisclosure and Confidentiality agreements to protect clients' data and confidential information, as well as Symmetric’s confidential information.
- All subcontractors and suppliers to Symmetric must sign and adhere to strict Nondisclosure and Confidentiality agreements to protect clients' data and confidential information.
Network Safeguards
- Network password files are protected with encryption.
- Sensitive fields in SQL databases are protected using encryption.
- Desktop and server-based antimalware protection is deployed to all computers on the Symmetric network. Additionally, email is protected by separate antispam and antivirus services.
- Symmetric uses Secure Sockets Layer (SSL) encryption for data storage and transmission security.
- Symmetric data-collection web servers are load-balanced so that surveys remain online, even if one of the servers fails or is taken down for maintenance.
- Equipment and data-storage devices are rendered unusable and unreadable at time of disposal. Hard-disk drives are written over and then destroyed. Soft media is shredded.
Firewalls and Intrusion Prevention
- A firewall provides security for servers and the private network at Symmetric.
- Network technicians proactively patch and update all servers as new vulnerabilities are discovered and/or announced.
Incident Detection and Response
- Network technicians proactively monitor server event logs, firewall logs, and network activity reports for suspicious events or anomalies.
- Network administrators are formally trained in hacking techniques so that they can better identify threats to the Symmetric network.
- Suspicious activity is investigated and reported to senior management.
System Development and Maintenance
- A “best practices” set of standards is maintained by the software development team for internal development of web-based software applications.
- All software is written with error-trapping and question-prompting routines to ensure accuracy. All applications have quality-audit features built into the software to reduce the likelihood of errors.
Software and Systems Processes
- Symmetric develops and maintains highly efficient, proprietary, SQL-automated processes for online data collection that include reliable and secure data-transfer processes.
- Client images/concepts displayed online are secured through a proprietary system developed by Symmetric.
Physical Security
- The campus at Symmetric is protected by a closed-circuit TV monitoring system and patrolled by on-site security guards.
- Building entrance doors are always locked, and entry is monitored and logged by electronic access cards.
- Access to the computer facility is restricted to only those persons who have a legitimate need for access.
- The computer center is a hardened facility designed to withstand tornadoes, and it includes a generator to run the center in case of electrical power failure.
- Physical security reviews are conducted annually.
Business Continuity
- Symmetric actively encourages and provides incentives for all employees to establish and maintain the computer equipment, systems, and software necessary to be able to work from home and other remote sites, so that the company can continue to operate in case of snow storm, fire, flood, or other catastrophe.
- Symmetric operates out of two hardened, secure computer facilities, each equipped with backup generators for emergency power.
- The processing and reporting facility is geographically remote from the data-collection facility and is equipped with backup servers that can be brought online for data collection, should the data-collection facility fail.
- Symmetric’s Emergency Action Plan is reviewed every six months. The plan addresses all processes, systems, and technologies necessary to resume normal operations in the event of a disaster.
Contact Symmetric
Symmetric provides sampling services to companies that place a very high value on representative samples, scientific sampling methods, and advanced fraud-detection systems. For any security-related questions, please email privacy@decisionanalyst.com or call (817) 649-5243.