The following security and business continuity questions are typical of those asked by enterprise security teams during the purchasing cycle. We're putting these here so that you can decide as part of any pre-purchase review whether to engage more fully with FeedBlitz as a potential provider of email marketing services to you. We can obviously provide more detail as part of any purchasing process for qualified enterprise prospects, if necessary under mutual NDA.
Q: Is there a resource with responsibility for IT security within FeedBlitz?
Q: Are there information policies that are approved, maintained and circulated within the company?
Q: Where are your servers?
A: All except one are in the continental US. The one exception is in a data center in Spain, and holds no PII.
Q: Do third parties have access to your servers?
A: Yes. We house our servers in third-party SOC2 / SOC3 / ISO 27001 data centers, so, as with any data center, their employees can access the physical machines, consistent with the relevant SOC standards, and only for server health reasons.
Q: Do third parties have access to user or client data?
Q: Do you back up your data regularly?
Q: Is client and subscriber data stored encrypted?
Q: Is the IT architecture fault tolerant?
A: Yes, through industry standard techniques, coupled with round-the-clock monitoring.
Q: Do you require strong passwords?
Q: What security is in place on individual systems?
A: We use a combination of approaches, including firewalls, DMZs, intrusion detection, anti-virus, log analysis, in-flight and at-rest encryption, and timely OS patch application.
Q: Do you run penetration or vulnerability tests?
Q: Do you have WWW or other query logs?
A: Yes. Data retention is no more than ten days for web server and other internal non-audit application logs.
Q: Do you have application logs and audit trails?
A: Yes. End user activity log data retention is 90 days; audit trail retention is one year.
Q: Do you support role- or scope-based security?
A: Yes. It's standard as part of our multi-user capabilities (additional seats are a separate fee).
Q: Do you have an enterprise support escalation policy / SLA?
Q: Can we physically purge data on request or account termination?
A: Yes, as part of any negotiated contract.
Q: How long is subscriber activity retained for?
A: Opens and clicks are retained for the life of the account.
Q: What about imports?
A: Uploaded and intermediate files and data are purged immediately once the import process completes. In the event an import is deemed to violate our terms of service, the data is retained to facilitate the ensuing client discussion. The data is deleted once the discussion ends.
For questions not answered here, or for more information, please email your contact at FeedBlitz, or support, who will route your request for you. We are happy to expand on these answers for qualified buyers as part of an ongoing purchase process that complies with our requirements.