Overview
We take the protection of your information and your community's information seriously. We are committed to complying with relevant standards in all of the jurisdictions in which we do business and have implemented processes and policies to support this commitment.
Granicus supports customers across Australia, Canada, the UK, the USA, and New Zealand. Our clients trust us with large amounts of sensitive information from a range of industries, including government and healthcare.
What follows is an outline of the steps we have taken to secure our clients' data and help members of your community have confidence in our EngagementHQ platform.
Compliance
ISO 27001 Compliance
We have successfully passed external audits for ISO 27001, a global standard for information security management. For more information about the ISO certificate, please contact our support team via chat or by emailing support@engagementhq.com.
EU GDPR
We comply with the European Union’s General Data Protection Regulation (GDPR).
The GDPR protects the fundamental right to privacy and the protection of personal data for people living in the European Union. It enforces robust requirements that have raised the standards for data protection, security, and compliance.
Cyber Essentials
We are certified with Cyber Essentials, a UK government-based certification scheme for cybersecurity.
Security
Our applications are continually monitored and tested for security weaknesses. We perform regular and ongoing internal application security assessments to discover and mitigate potential weaknesses based on the OWASP rating and methodology. We use automated tools and manual testing processes to make the EngagementHQ platform as secure as possible.
Application Security and Database
The operating systems and databases running our servers are continually monitored and patched with the latest security fixes. The web framework is continually monitored and patched by our internal development teams.
Data Disclosure
We have strict data access rules in place with detailed logging to prevent theft and misuse.
Access is limited to key personnel involved in maintaining our services and support. Interaction with client data is only at the request of the client. EngagementHQ provides role-based access controls with unique usernames and one-way password encryption to help clients manage their own logins.
SSL certificates and Single Sign-On integration are available for further protection. Data is stored within a MySQL database on AWS RDS with attachments stored within AWS S3. Amazon RDS has multiple features that enhance reliability for critical production databases, including automated backups, DB snapshots, automatic host replacement, and Multi-AZ deployments.
Data in transit is secured via SSL/TLS connections. Basic SSL Certificates are provided as part of our solution. Extended Validation SSL certificates are provided as an optional extra. We have TLS enabled for all our HTTPS connections. EHQ supports only TLS 1.2 and above.
Network Security
Our application is secured through world-class security infrastructure provided by Amazon Web Services (AWS). AWS’s networks are multi-homed across a number of providers to achieve Internet access diversity.
The AWS network uses proprietary mitigation techniques providing significant protection against traditional security issues such as Distributed Denial of Service (DDoS) attacks, Man-in-the-Middle (MITM) attacks, IP spoofing, port scanning, etc. Additionally, our inbound firewalls are configured to permit only the absolute minimum connectivity required to provide service to our clients. Any changes to these access rules require authorization.
Hosting Infrastructure
All EngagementHQ sites are hosted on Amazon Web Services (AWS) infrastructure. AWS is the leading cloud services provider in the world. Their suite of products and services, security controls, scalability, reliability, astonishing number of data centers, flexibility, and continued innovation make them the absolute best choice for hosting in the cloud.
AWS Cloud infrastructure meets the requirements of an extensive list of global security standards, including ISO 27001 and SOC. For more information, see the AWS Compliance page.
Our key hosting jurisdictions are listed below:
Australia: AWS, Asia Pacific (Sydney)
Canada: AWS, Canada (Central)
New Zealand: AWS, Asia Pacific (Sydney)
United Kingdom: AWS, EU (London)
United States of America: AWS, US West (Northern California)
Availability and Disaster Recovery
We make every effort to have 99.75% availability, and our up-times have historically remained above 99.9%; this is backed by our Service Level Agreements (SLAs). Even though we take all conceivable measures to ensure our service to you is uninterrupted, major events completely beyond our control can interrupt our service.
We take regular backups, which are maintained for 15 days, and have a well-tested recovery plan in place to minimize potential disruption from major events.
Our Disaster Recovery Plan is tested annually or when there is a major change in our environment, either to our infrastructure or application.
In an emergency or disaster situation, we can retrieve and restore data from a single server snapshot on behalf of a client. We do not offer any client-managed data restoration options.
Accessibility
EngagementHQ conducts regular accessibility checks for conformance to Web Content Accessibility Guidelines (WCAG 2.2) Level AA standards. Results of the latest audit are available upon request; please contact our support team via chat or by emailing support@engagementhq.com.
We keep up to date with the latest advances in accessibility techniques, work to leverage new technology to improve accessibility, and act on recommendations from the regular audits. We also treat any issues identified by clients or participants as a matter of urgency and remain responsive to address the issues.
Device and Browser Compatibility
EngagementHQ is designed for all screen sizes, providing an accessible and fully functional experience for the community.
EngagementHQ supports the current and last prior versions of the following browsers (desktop and mobile):
Microsoft Edge
Chrome
Firefox
Safari
Learn more about EngagementHQ supported browsers and devices.
If you need any further assistance, contact our support team via chat or by emailing support@engagementhq.com.