Engagefully Security

Built on over 25 years of experience delivering enterprise-grade solutions, Engagefully is designed to ensure our customers’ success. Our privacy and security practices are of the highest quality and constantly enhanced to deliver world-class stability and confidence.

Headquarters and Network Operations Center

Software development and support are done from our headquarters, which leverages our time-tested Network Operations Center.

  • Fiber optic connectivity to multiple providers with automatic failover
  • Redundant enterprise routers and firewalls
  • Resilient climate control systems
  • Line conditioning provided by advanced commercial battery backup systems
  • Diesel-generated backup power for extended outages
  • Actively monitored security with 24×7 video and audio monitoring

Cloud Infrastructure

Our mobile applications are hosted on the Amazon Web Services (AWS) virtualized Infrastructure-as-a-Service offering. AWS provides a reliable and scalable infrastructure platform, which powers hundreds of thousands of businesses in 190 countries.

  • AWS is divided into Regions, which are physical data centers completely isolated from one another.
  • AWS operates dozens of Availability Zones within 16 geographic Regions worldwide.
  • Results Direct operates within multiple Regions and Availability Zones.
  • DNS is hosted in multiple geographic locations, including Europe and our own Network Operations Center.
  • DNS routes requests to the closest geographic location to ensure the fastest response possible.

Network Security

Our network security practices are designed to prevent and detect unauthorized access.

  • Firewall policies prevent unauthorized access from within or outside the network.
  • Systems are security hardened according to industry recommendations.
  • Intrusion detection systems are employed to identify unauthorized activity.
  • Alerts are monitored 24×7 and handled in accordance with established incident response procedures.
  • Security-related events are reviewed daily to identify anomalous or suspicious activity.

Vulnerability Management

Our vulnerability management program protects against new and emerging threats.

  • Penetration testing is performed regularly to assess organizational security.
  • Network-wide vulnerability scans are performed on a recurring basis.
  • Web applications are scanned periodically for common vulnerabilities.
  • Recently disclosed vulnerabilities are identified and assessed on a recurring basis.
  • Critical vulnerabilities are addressed within 30 days.

Software Development Practices

Our Software Development Lifecycle ensures privacy and security at every stage. 

  • Our entire team receives annual privacy and security training.
  • All network and software changes follow a strict change control process to ensure obligations are met.
  • Software developers are trained in secure coding techniques to avoid common vulnerabilities.
  • Software changes are peer reviewed to ensure best practices are adhered to.
  • Anonymized data is used for development and testing.

Application Architecture and Redundancies

Our applications are designed to perform when you need them and to prevent disruption.

  • Physical servers have redundant disk subsystems, networking, and power.
  • Web servers run in clusters to handle spikes in usage and provide fault tolerance should an individual node encounter a localized failure.
  • Web clusters are load-balanced, so web requests are processed using the optimal node at any given time.

Application Privacy and Security

Our applications put you in control of your events and your users in control of their personal information.

  • Security measures are implemented at multiple layers and designed to protect against common attacks.
  • Access to personal information is governed by robust controls, and events can be as open or as restricted as admins like.
  • Individual users control their public profiles and can opt out of social features.
  • All data is managed through our backoffice portal or via API and requires an admin account or valid API key. 
  • Customers may have any number of admin users and may create admin accounts with access restricted to specific events.
  • Passwords are hashed using industry-standard algorithms. Only the hashed versions of passwords are stored, and these cannot be decrypted.
  • All network traffic is encrypted using industry-standard encryption to prevent unauthorized disclosure.
  • All personal information is processed and stored in the European Union.

Data Backup, Replication & Restoration

Our backup systems and processes are designed to ensure swift recovery from catastrophic failure.

  • Backups are captured daily and retained only for a finite period.
  • Outdated backups are destroyed to protect the confidentiality of stored information.
  • Restoration procedures are designed to meet defined recovery time objectives.