Keeping your valuable data safe is an absolute priority for us. It’s an obligation that guides everything we do when shaping and powering Nfield’s features. Every conceivable measure is taken to ensure both our team and our software solutions comply with the highest security standards.
Keeping your data secure depends on a wide range of measures working harmoniously together. A good way to visualize this is to imagine Nfield as a physical office building, where all the different market research and security departments are based. As with all commercial buildings, it is itself protected and complemented with off-site operations.
Nfield adheres to the security protocol established in ISO 27001:2013, the same as followed by our platform provider, Microsoft.
We maintain a strong security policy that ensures both your data and our products are safeguarded round the clock. Independent security experts (Paid Intruder) scrutinize our security procedures every year to evaluate our tools, processes and people. The measures to conform with ISO 27001:2013, as certified by an auditor (Auditor), are strictly followed in every wire connection and by every person in our company. As a matter of principle, the smallest possible number of NIPO specialists have access to Nfield’s infrastructure for carrying out deployments and maintenance.
Nfield runs on Microsoft Azure, the highly-secured cloud known for its flawless, trusted performance, extensive data storage and reliability. Microsoft’s engineers work 24/7 to protect the cloud, scale its powers and administer other services which run on it, including Office365.
Nfield provides a number of different features that enable you to secure your domain to the highest level.
Two-factor Authentication (2FA): Nfield accounts secured with two-factor authentication require users to enter a code (a token) generated by a standard authenticator app on a mobile phone. This has the effect of complementing something you know (your username and password) with a code obtained through something you have (your phone). It effectively blocks any unauthorized access to your Nfield account, even from those who have obtained your username and password, as these people (or their machines) are unable to retrieve the second factor code from the phone. Your valuable Nfield fieldwork and respondent data is thereby protected from prying eyes. Learn more in our article Protecting your Nfield login with two-factor authentication.
Single-Sign-On (SSO): For enterprises, Nfield can be set up to use Office 365 accounts for Nfield login. Administration of your Nfield user accounts, for as many Nfield domains as you have, is centralized in your organization’s single-sign-on layer. In the case of an employee leaving the organization, or another reason for revoking a person’s system access (e.g. because of a security breach), Nfield will automatically be included in the revoked permissions, with immediate effect from when the account in the single-sign-on layer is disabled or reset. With SSO, your password policy for accessing Nfield is automatically aligned with that of your organization.
Strong password policy: Nfield can easily be configured to comply with strong password policies. Domain administrators can set rules for things such as password expiration period, old password re-use and strong password requirements (e.g. minimum number of characters and different character sets). You should also regularly revalidate your authorized users and ensure immediate removal of departing employees.
Nfield controls enable you to align with GDPR requirements by managing consent and other important privacy matters. There are also features for assisting your GDPR compliance, such as the ability to search across surveys for specific respondents’ data and delete or pseudonymize their interviews if requested, and the ability to anonymize data at the point of interview. Find out more in our GDPR and Nfield Toolkit.
Surveys contain valuable, and sometimes sensitive, information. It’s therefore essential to restrict access to certain parts of surveys to those who really need it to do their jobs. This is done by assigning users specific roles which only allow access to designated areas and functionality. Find out more in our article Controlling access to survey rights. Setting the right access also limits the scope of risk in the case of a data breach.
The hypothetical building we’ve used to illustrate Nfield’s operation is managed by NIPO, who take care of its security and facilities to ensure compliance with the highest security and privacy standards. Our ISO 27001:2013 data security certification is strong and independent proof of our leading position in this respect. We have procedures for everything, encrypt your data everywhere, limit access across the board and continuously test for potential security flaws.
Your projects are stored in your own individual domain, inaccessible to anyone else – even our employees – unless explicitly requested by you for customer support purposes.
Nfield allows administrators to configure access on a user-by-user basis, defining the scope of activities every user is allowed to perform. Password requirements can also be set to enforce your chosen password policy, however strong you need it to be. All user actions are tracked and domain administrators can review them individually. The system automatically signs users out when inactive for more than 15 minutes.
Your collected data is stored in secure Microsoft SQL database servers and replicated in other data centers so it can be restored in the event of something going wrong. Microsoft security policies strictly regulate access to its data centers.
All your data is secured by SSL and encrypted to protect it from sniffing.
Different countries and industries often have their own specific regulations when it comes to data storage. To comply with this, market research companies need to give careful consideration to where their respondent data is stored. To enable data storage compliance, we have developed the ability to separate survey deployment from storage of respondent data. This means it is now possible, for example, to deploy a survey from the Hong Kong SAR Microsoft Data Center and store the respondent data in the Singapore Microsoft Data Center. Find out more in our article Local Data Storage Compliance, around the World.
Tablet devices are desirable prizes for thieves. Their thin, lightweight nature also makes them easy to forget about and accidentally leave behind. Nfield therefore also deploys additional measures to limit the data exposure risk that comes from data being stored locally on a mobile device.
Nfield ensures the minimum amount of information possible is present on any mobile device at any given moment. Each device is only sent the surveys and associated respondent information specifically assigned to its user(s). Data that no longer needs to be accessible is removed as soon as possible.
The same mobile device can be shared by multiple interviewers. Each survey and its collected data is only accessible to the relevant interviewer, via their login credentials. Interviewers cannot review, start or modify any surveys not specifically assigned to them.
Nfield questionnaires are stored in an encoded proprietary format. The original script is never displayed on an interviewer’s device, so interviewers cannot make changes.
Fully compliant practices and ISO 27001:2013 certification mean you can rest assured when it comes to data security. And with cloud-based operation delivering unbeatable cost-efficiency together with all the capacity you need, whenever you need it, Nfield is the ultimate solution for improving both your quality of work and your profit margins.
© 2023 NIPO