ROTATOR SURVEY: Technical Aspects Related to Security, Privacy and Availability of Information
secure and confidential survey system

LOCAL DATA STORAGE IN WINDOWS

RotatorSurvey is a desktop application for Windows, which can operate under various architectures, including a simple shared folder scheme over a LAN, running on a Windows Server with remote access, or through an application virtualization system. Therefore and to a large extent, the security of ROTATOR applications depends on the security parameters defined by our users, both at the level of the Windows operating system and at the level of their local networks. Or if apply, at the level of the application virtualization systems used. In addition to this level of security, Rotator implements its own security mechanisms that will be addressed in this document. First of all, Rotator Survey DOES NOT USE ANY COMMERCIAL DATABASE MANAGEMENT SYSTEM, nor open or known RDBMS, instead it uses its own proprietary data management system, which we have named "ROTATOR". That is why ROTATOR is essentially a data management engine that uses a proprietary hyper-cube structure to store and access data of a spatial nature, typically found in surveys. Our multidimensional database, "ROTATOR", differs drastically from known OLAP schemes such as MOLAP and ROLAP as it employs a different approach, which we have named FOLAP (FORMULA BASED OLAP). Our engine is able to generate dynamic Boolean formulas to access the hyper-cubic data. In this way, besides obtaining a great variety of tab-crossings required by our users, it also adds an extra value to the total security of the system. Thus, the only way to read a Rotator file locally will be through its own applications. The only two ways Rotator offers to extract data from its database is by exporting to SPSS and Excel.

DATA STORAGE ON THE INTERNET

Since Rotator supports different data capture methods, an Internet cloud is required to host questionnaires that use the Web as a data collection platform, such as self-administered surveys, mobile device surveys, online CATI telephone interviews, or Web-based data transcription forms. In these scenarios Rotator does not store its data in open databases, nor in private commercial or open source-based databases. The data in the cloud consists of encoded text files, which, if extracted by potential hackers, it will be hard for them to interpret. That is, if a subject in a survey has answered that he/she would ENDORSE "ANDREW CUOMO", in the data file we will see something like V78=1. The equivalence table (or codebook) required to decipher the data does not reside on the Internet, but in the local station where the Modeler is installed, and only that station is able to interpret the data. To generate charts and reports to be displayed online, an encrypted code table is used, which makes hard to decipher even if the data file and codebook were extracted from the server. Finally, and in another order of ideas, our hosting providers have been evaluated and selected by our systems team with demanding technical and quality criteria. These companies guarantee us a high resilience to failures and availability of the service at least 99.9% (uptime), 24 hours a day, 7 days a week.

THE USE OF INTERNET SERVERS OUTSIDE THE LOCAL AREA

As a policy to ensure the operational continuity of the business of our customers and users, our company has as an infrastructure policy, the use of servers located in USA, EUROPE and CANADA. Thus, even though our company is located and operates from Venezuela, any local failure such as power outages, cuts in telecommunications services, among others, will not affect in any way the continuity of use and access to our products and services by our global users. To increase the capacity, performance and availability of the service in highly confidential or critical studies, our company provides the options: "PRIVATE SERVER" (OFF-PREMISES) and "OWN SERVER" (ON-PREMISES), which significantly maximize the security, availability and confidentiality of the data.


ROTATOR NETWORK ARCHITECTURE

Rotator Survey is a desktop application that behaves exactly as Microsoft Word, Excel or PowerPoint. The only difference is that Rotator uses the Internet to publish questionnaires and store the collected data in online repositories. In order for Rotator to publish your CAWI and CAPI questionnaires, it is required that there are one or more servers recognizable by the system. Rotator by default has in its backend a group of servers called the "THE ROTATOR CLOUD", composed of a pool of LINUX servers located in Canada, USA, ASIA and Europe. These servers are contracted from global providers, but managed and administered by our company and consist of shared boxes where our users publish their questionnaires.

rotator survey software architecture

CLOUD SERVERS - CONTROLLED BY ROTATOR SOFTWARE

A "cloud server" is a shared server where different clients can store their surveys. Rotator's cloud servers are medium-sized virtual servers (4 GB RAM, 2 CPUs and SSD disks), which allows running about 10 mid-sized surveys in parallel. As our company grows in clients and surveys, we will be adding new servers to the cloud. To differentiate the cloud servers we have named them after Greek gods, e.g. ARES, ARTEMIS, ADONIS, HERMES, EROS, POSEIDON, HADES, CHRONOS, ZEUS, AFRODITA, APOLLO, etc. All of them operating under the domain "ROTATORSERVER.COM", for example: "HTPS://ZEUS.ROTATORSERVER.COM". When a user publishes a questionnaire in our cloud, the system checks which server is the most available and publishes the questionnaire there. The disadvantage of using the Rotator cloud is its performance, especially for users who need to publish many questionnaires concurrently, or when questionnaires to be published are very large, either in terms of questions, participant base, cases or number of concurrent respondents. In these cases, we recommend opting by a "PRIVATE" server or by your "OWN" server.


"PRIVATE" SERVER - CONTROLLED BY ROTATOR SOFTWARE

A PRIVATE server is a server managed by Rotator Software, but is intended exclusively for a particular user, when hiring a private server an average configuration is offered (2 GB RAM, 2 CPU and SSD disks), which can be scaled to the extent of the customer's requirements. The advantage of a private server is that it is guaranteed that there are no other concurent surveys posted by other users, and that its use is exclusive to the contracting company. Although the "private" server is used solely and exclusively by the client, its administration is the responsibility of Rotator Software, and, likewise, although Rotator Software constantly monitors private servers to guarantee their availability, it is up to our suppliers to act and take responsibility when any hardware or software failures occur.


"OWN" SERVER - CONTROLLED BY THE END USER

As the name implies, an "OWN" server is a physical, virtual machine or hosting contracted to a third party by our users. In this case, ROTATOR SOFTWARE has no technical or administrative responsabilities and all administration, configuration, monitoring and backup tasks are in the hand of the end user. By adding your own server to the Study Modeler software, the communication is done unidirectionally MODELER <-> SERVER and at no time data or questionnaires are sent to servers owned by Rotator Software. Thus, the benefit of installing your own server is the total centralized control and confidentiality of your data. In addition to these benefits, the user can use their own hardware and scale it according to their needs, as well as apply corporate policies for usage, security and server backups.


USER AND PASSWORD MANAGEMENT

Like any multi-user system, Rotator allows you to define users with different roles or functions. Each user must have a login and a password that allows access to certain screens of the system, both locally and on the Internet. Rotator passwords are encrypted using methods such as MD5, both in the local sub-system and in the Online sub-system. As these techniques prove to be violable, or at the request of our users, our programmers may include new techniques for password encryption in the future. On the Web, when a password is posted on the initial screens, it passes through the SSL layer of our servers, which provides a second level of protection against hackers.


HANDLING OF PRIVATE PERSONAL DATA (PII)

PII (Personal Identifiable Information, USA) or GDPR (Europe). Rotator allows you to identify within your survey personal (private) data sensitive to be subject to a data protection policy at the level of your local legislation. Data marked as PII within Rotator is masked and cannot be exported, displayed or analyzed, unless the user allows a more flexible treatment of this data. By default, data such as telephone, home address, office address, first and last names, Id card (Social security number), IP address, geolocation point, income level, face photos, among others, are automatically detected by the software and marked as PII data. The data marked as PII within the Rotator database will have a rigorous treatment and only an administrator will be able to define the rules for its treatment, deployment and exportation. Such data will be blocked for all other users of the system if desired.


THE HUMAN COMPONENT OF SECURITY

Since our business is sensitive to the aspects of security, privacy and confidentiality of information, our work teams are very conscious of the importance of safeguarding statistical secrecy, and of the copyright that our users have over their instruments, methodologies and data. That is why, as long as the studies created with Rotator are accurate, reliable and confidential, our company will maintain a flow of business that will keep us active in the market. The Rotator platform has been, and is widely used by global clients conducting highly confidential studies, among them; political surveys, product launches, advertising studies, concept testing and other studies that require maximum security and confidentiality of the data generated. In addition to the technical aspects of security and confidentiality described above, our employees have signed confidentiality and information security agreements, which cover not only the data of our users and clients, but also the techniques, methodologies and know-how they used in their studies. Finally, our organization is not a virtual company, Rotator Software C.A., is a legal entity with physical existence, registered in the SENIAT of VENEZUELA under the number J-306-76774-6 and globally in DUM & BRADSTREET under the number D-U-N-S855064937.