Feedback Ferret is accredited with the widely-recognised international security standard ISO/IEC 27001:2017.
The certification has been made in recognition of its information security management system (ISMS) for customer feedback solutions, text analytics and actionable customer insight.
The ISO/IEC 27001:2017 security management standard applies to all business functions within the scope of Feedback Ferret’s Voice of Customer solution. It covers the information, information systems, networks, physical environment and people supporting the solution.
Feedback Ferret recognises the importance of keeping the information safe that it holds on behalf of its clients. The company is committed to ensuring all data, copyrights and trademarks are kept secure while it is being collated, processed and delivered. Our clients can be assured that their data is perpetually managed in a safe and secure manner.
The processes and controls used by Feedback Ferret have been assessed by an independent auditor (British Assessment Bureau) and this auditor has confirmed that the company is operating in accordance with the ISO/IEC 27001:2017 certification standard.
To download Feedback Ferret's ISO/IEC 27001:2017 certificate, please click HERE.
To download Feedback Ferret’s ISMS Policy, please click HERE.
At Feedback Ferret we take our responsibilities to secure our clients’ data seriously, including personal identifiable data. In order to give you assurances as to the steps that we have taken, and continue to take, to meet our compliance obligations under the Data Protection Act and the General Data Protection Regulations, we are happy to provide you with details of our policies and procedures.
To download the Feedback Ferret GDPR Audit Response Document, please click HERE.
Overall Approach to Compliance
As a business which frequently works with significant quantities of data, Feedback Ferret is committed to fulfilling its legal responsibilities with respect to managing and securing such data, and has put robust measures in place to ensure it complies with all applicable data protection laws. Mark Spicer (Director) is the nominated individual within the company who has overall responsibility for our compliance processes.
In order to meet our new obligations under the GDPR we have taken the following steps:
Roles and Responsibilities
In relation to Feedback Ferret’s contracts with its customers, Feedback Ferret is a data processor and you, our customer, are the data controller.
As a data processor, we are committed to ensuring that we have systems and processes in place to enable us to process data appropriately and in accordance with your instructions. These systems include our ability to amend and delete data at your request, to enable you, as data controller, to meet your obligations under the GDPR and ensure that the data we are processing on your behalf is kept up to date.
Where possible, we encourage our customers to provide the minimum level of personal identifiable data to us, as often it may not be strictly necessary for us to see it in order to provide our services. Where we receive data fields that we do not require, we will use reasonable efforts to avoid processing this data.
Nature of Data Processing
Feedback Ferret processes data it receives from its clients or prospective clients, which may contain personal data, pursuant to an agreement to produce the deliverables specified therein.
All data, including personal identifiable data, is stored using Amazon Web Services (AWS) at its secure cloud services platform located in the EU (UK, Ireland and Germany).
Data Protection by Design and by Default
We take a number of technical and organisational measures to protect the personal data that we are processing on behalf of our customers. These are set out in our Corporate Security Policies which are available on request.
We regularly review our security measures, including undertaking penetration testing of our systems, and we are also audited annually by an independent third party for compliance with our ISO/IEC 27001:2017 to ensure that we continue to meet current standards.
We ensure that all of our staff receive regular training and understand the risks associated with handling and processing personal data, including Security Awareness Essentials (formerly Fundamentals of Information Security).
At Feedback Ferret we handle most of our data processing in-house. However, we will notify you where we may outsource some data processing activities to third parties.
Where Feedback Ferret does engage sub-contractors, we undertake due diligence on them and their businesses to gain assurance on their approach to data protection issues equivalent to those set out in this document. This enables us to give the same assurances to you, our customer.
At Feedback Ferret we ensure that all our sub-contractors sign up to equivalent contractual terms to those set out in our contracts with you, to ensure that all the personal data that we are processing on your behalf is processed securely and appropriately.
Records of Processing Activity
We will ensure that we maintain the appropriate records of the processing that we undertake on behalf of our customers.
These records are retained for the duration of the contract with our customers, and for up to 6 years after termination of the relationship with a customer.
Data Security Measures
At Feedback Ferret we take a number of operational and technical security measures to ensure the personal data we process is managed securely.
Feedback Ferret holds the following Certification Scheme: ISO/IEC 27001:2017.
We conduct regular reviews of our own technical and organisational measures. Please contact Vian van der Berg (Business Manager) at firstname.lastname@example.org for more information.