Software security

  • Access to ion interactive admin console only permitted via SHA-256 SSL-secured connections
  • Individual ion interactive manager accounts with independent access control features
  • ion interactive manager account passwords are salted and hashed using bcrypt/Blowfish
  • ion interactive manager account passwords are required to be “strong” with a minimum length and a mix of alphanumeric and symbolic characters
  • Only TLS 1.2 and TLS 1.0 connections supported
  • Data collected from respondents may optionally be stored encrypted in the database using AES-256 encryption
  • Data collected from respondents may optionally auto-deleted after a configurable expiration window
  • Data exported from ion can be transmitted via secure HTTPS, SFTP or FTPS protocols with configurable authentication credentials
  • Variable IP restrictions can be configured on each individual ion console
  • A strict admin content security policy in place

Data security

  • Single-tenant software-as-a-service (SaaS) architecture maintains each customer’s data in their own dedicated database and separate file directories
  • Robust RAID10 redundant hard drives for data and file storage with automatic alerts of potential failures
  • Weekly full backups, daily differential backups of database and file systems; offsite back ups available as an optional configuration
  • 2 week data backup retention policy, secure destruction of expired backups
  • Automated checks for database integrity and index optimization
  • Parameterized queries and stored procedures protect against SQL injection attacks
  • All ion employees are bound by non-disclosure agreements which covers non-public customer information and are trained on the sensitivity of such information
  • Background checks for ion interactive and Rackspace employees