Security of Data and Information
Decision Analyst understands the supreme importance of protecting clients’
confidential information and data. Confidential information and data are located
at Decision Analyst’s headquarters in Arlington, Texas, and at a secure
cohosting facility in Virginia. Both facilities are fully protected by multiple
layers of safeguards. All data transmitted between the two sites are encrypted
at the very highest level. Load-balanced pairs of servers perform all critical
functions, and these servers are equipped with redundant components. A summary
of security policies, processes, and procedures is outlined below.
Policies, Standards, and Training
- Information security policies and standards are reviewed semi-annually
by the Security Committee and are documented in Decision Analyst's manuals
and the Employee Handbook.
- References for new employees are carefully checked by Human Resources.
- Security training is provided to employees on a regular basis.
- The information security program is approved by the President/CEO, and it
is monitored by the Information Security Officer, Physical Security Manager,
Human Resources Manager, and all department managers.
Legal and Compliance
- Decision Analyst is a participant in the Better Business Bureau (BBB) Reliability
- Decision Analyst was the first U.S. research company to be approved under
the Safe Harbor Agreement between the U.S. and the European Union, and adheres
to the terms of the Safe Harbor Agreement. Safe Harbor governs the transfer
of personally identifiable data between the European Union and the U.S.
- Decision Analyst is an active and supportive member of CASRO (Council of
American Research Survey Organizations) and fully subscribes to CASRO’s
quality standards, privacy protection program, and security safeguards.
- Decision Analyst continually works on maintaining email safe listing. This
ensures that Decision Analyst's email traffic is not blocked by any ISPs.
ID and Authentication
- Unique IDs and complex passwords are required for employees to log on
to the Decision Analyst network. Digital IDs acquired through VeriSign are
used to verify identity and to encrypt email as needed.
Authorization and Access Control
- Access to a client’s confidential information is restricted to employees
who have a need to know. No one else is permitted to access this data.
- Access to Decision Analyst’s computer systems is granted or revoked
by network administrators in response to requests from Human Resources and/or
- A Virtual Private Network (VPN) with secure login authentication is provided
for employees authorized for remote access to the Decision Analyst network.
- The Information Technology Department sets procedures and policies to ensure
that remote computers accessing the Decision Analyst network maintain absolute
- All client and respondent information is classified, confidential, and
- All Decision Analyst employees must sign and adhere to ironclad Nondisclosure
and Confidentiality agreements to protect clients' data and confidential information,
and Decision Analyst's confidential information.
- All subcontractors and suppliers to Decision Analyst must sign and adhere
to strict Nondisclosure and Confidentiality agreements to protect clients'
data and confidential information.
- Network password files are protected with encryption.
- Sensitive fields in SQL databases are protected using encryption.
- Desktop and server-based antivirus and antispyware protection is deployed
to all computers on the Decision Analyst network. Additionally, email is protected
by separate antispam and antivirus services.
- Decision Analyst uses Secure Sockets Layer (SSL) encryption for data storage
and transmission security.
- Decision Analyst's data-collection Web servers are load-balanced so that
surveys remain online, even if one of the servers fails or is taken down for
maintenance. The Decision Analyst data warehouse is attached to a secure storage
area network (SAN) for improved scalability and is backed up nightly.
- Equipment and data storage devices are rendered unusable and unreadable
at time of disposal. Hard-disk drives are written over and then destroyed.
Soft media is shredded.
Firewalls and Intrusion Prevention
- A firewall provides security for servers and the private network at Decision
- Network technicians proactively patch and update all servers as new vulnerabilities
are discovered and/or announced.
Incident Detection and Response
- Network technicians proactively monitor server event logs, firewall logs,
and network activity reports for suspicious events or anomalies.
- Network administrators are formally trained in hacking techniques, so that
they can better identify threats to the Decision Analyst network.
- Suspicious activity is investigated and reported to senior management.
System Development and Maintenance
- A “best practices” set of standards is maintained by the software
development team for internal development of Web-based software applications.
- All software is written with error-trapping and question-prompting routines
to ensure accuracy. All applications have quality-audit features built into
the software to reduce the likelihood of errors.
Software and Systems Processes
- Decision Analyst develops and maintains highly efficient, proprietary,
SQL-automated processes for online data collection that include reliable and
secure data-transfer processes.
- Client images/concepts displayed online are secured through a proprietary
system developed by Decision Analyst.
- The campus at Decision Analyst is protected by a closed-circuit, TV-monitoring
system and patrolled by on-site security guards.
- Building entrance doors are always locked, and entry is monitored and logged
by electronic access cards.
- Access to the computer facility is restricted to only those persons who
have legitimate need for access.
- The computer center is a hardened facility designed to withstand tornadoes
and includes a generator to run the center in case of electrical power failure.
- Physical security reviews are conducted annually.
- Decision Analyst actively encourages and provides incentives for all employees
to establish and maintain the computer equipment, systems, and software necessary
to be able to work from home and other remote sites, so that the company can
continue to operate in case of snowstorm, fire, flood, or other catastrophe.
- Decision Analyst operates out of two hardened, secure computer facilities,
each equipped with backup generators for emergency power.
- The processing and reporting facility is geographically remote from the
data-collection facility and is equipped with backup servers that can be brought
online for data-collection, should the data-collection facility fail.
- Decision Analyst’s Emergency Action Plan is reviewed every six months.
The plan addresses all processes, systems, and technologies necessary to resume
normal operations in the event of a disaster.
Marketing Research Services
Decision Analyst is a leading international marketing research and analytical
consulting firm. If you would like more information on our marketing research
and analytical consulting services, please contact Jerry W. Thomas
by emailing email@example.com
or calling 1-817-640-6166.