Poll Everywhere Information Security Program Summary
Poll Everywhere takes the confidentiality of our customers’ data seriously, and we have developed an information security program (the “Program”) to help protect our customers’ confidential information and personal information (collectively “Sensitive Customer Data”).
Our program is designed to:
- Provide security solutions intended to minimize the security risks associated with our processing of Sensitive Customer Data;
- Allow for monitoring of our relevant systems for threats to the security of Sensitive Customer Data we store;
- Provide training to certain employees based on their roles within the company and access and use of Poll Everywhere’s systems and Sensitive Customer Data, including training for application developers and system administrators; and
- Facilitate the selection of third-party service providers that adhere to appropriate security practices with respect to their processing of Sensitive Customer Data.
This summary provides additional information concerning the key elements of, and security measures addressed in, the Program.
- Our Information Security Program establishes policies for the identification and protection of Sensitive Customer Data.
- The Program is managed by a firm-wide Security Committee, comprised of representatives of key operational groups within Poll Everywhere.
- The Program is reviewed and approved by the Board of Directors of Poll Everywhere on a bi-annual basis.
- The Program is subject to review by internal personnel and/or external auditors on a periodic basis.
Our Information Security Program has five key elements:
Identity & Access Management: Policies and measures designed to limit access to Sensitive Customer Data to those Poll Everywhere employees that have a need to access such information in order to perform their job functions, including:
- Periodic review and recertification of employee access rights;
- Modification or removal of access rights, as appropriate, upon relevant changes in an employee’s job responsibilities; and
- The use of multi-factor authentication to access certain applications and systems that handle Sensitive Customer Data.
Encryption: Implementation of encryption tools to protect Poll Everywhere and Sensitive Customer Data at rest within the Poll Everywhere network and in transit over the Internet when leaving Poll Everywhere’s systems.
Security & Vulnerability Management: Policies and controls that address the security of the Poll Everywhere network and help protect it from internal and external threats, including:
- Network boundary controls, including the use of firewalls and Internet proxies to defend against outside attack;
- Activity monitoring tools to detect anomalous behavior, attacks and threats to the Poll Everywhere network;
- A threat and vulnerability management program, which identifies vulnerabilities and required security patches;
- An enterprise-wide incident response program intended to provide for an appropriate response to security incidents as they occur, and mitigate damage to the firm; and
- Periodic vulnerability assessments of our environment conducted by appropriate internal personnel or independent third parties.
IT Risk Management & Compliance: Policies and controls concerning periodic risk assessments of existing Poll Everywhere systems and new system implementations, including:
- Risk assessments of relevant applications, technology infrastructure and other technology environments operated by Poll Everywhere that process Sensitive Customer Data;
- Addressing data security statutory and regulatory requirements applicable to Poll Everywhere in jurisdictions in which the firm does business;
- Data retention and disposition policies and processes;
- Policies to analyze the security of subcontractors that process Sensitive Customer Data on behalf of Poll Everywhere; and
- Acceptable use policies governing employee requirements related to information technology security, including the appropriate use of email, social networking, business applications, end user devices, and other relevant technology used by Poll Everywhere.
Application Security: Policies and controls to facilitate the development of applications with appropriate controls to protect against application-based security threats, including:
- Security training and awareness for software developers;
- Comprehensive code development guidelines followed during application development;
- System security requirements analysis; and
- Application penetration testing.