OVERVIEW


  • The Opinion8 system uses the latest purpose-built hardware, providing the reliability and scalability needed for high demand telephony applications.
  • High performance, stability and security are ensured through use of open source technology. The Opinion8 website runs on Linux servers using the Apache web server, a combination of technology which hosts the majority of the world’s websites.
  • By using the latest stable technology, Opinion8 is able to integrate with practically all current and legacy telephone infrastructures. Using open source technology enables Opinion8 comfortably to support future telephony environments as well.
  • The Opinion8 telephony system was designed as a carrier grade solution. As such, Opinion8 is now operated as a service on the PSTN as well as being deployed locally at customer sites.
  • This flexibility and reliability enable Opinion8 to provide high volume international surveying across multiple contact channels (e.g. telephone, web and email).
  • The carrier-grade solution provided by Opinion8 and the interconnect agreements with third-party carriers enable Opinion8 to be an integrated part of customers' call handling.
  • As well as providing full UK telecommunications services, Opinion8 can provide international calling, international numbering and call routing.
  • Opinion8 surveys and its management interface are intrinsically multi-lingual. Surveys (whether telephone, web or email based) can therefore be deployed to customers in any location in the world in any language.

DATA & SYSTEMS SECURITY

EQUIPMENT AND HOSTING


  • The Opinion8 service uses computer equipment owned and operated solely by Square Systems Ltd.
  • These computers are located in commercial data centres in Bristol and Newport.
  • At the data centres, the physical access to each rack of computers is controlled by a different combination lock and the combination is changed regularly.
  • Each rack of computers is located in a secure suite.
  • Physical access to the secure suite is controlled by proximity cards.
  • Each proximity card is associated with a digital photograph stored in a central database.
  • A person is only allowed access to a data suite once they have swiped a valid proximity card and only if they resemble the photograph held centrally by the security team. Visual identification is performed by digital CCTV. Similarly, access to each building is via presentation of a suitable security pass and/or proximity card, depending on the site.
  • The computers used for Opinion8 run the latest secure stable version of Debian Linux as well as the Apache web server and MySQL database.
  • Administration of the computers is performed solely by Square Systems employees.
  • All remote access is via SSH and authentication is by public-private key pairs with all private keys passphrase protected.
  • Root SSH login is disabled on all servers and only one of the servers will accept SSH connections from unknown IP addresses.
  • Opinion8 uses dedicated database servers. Backups are moved on and off machines over a private LAN. When they are moved over the Internet for disaster recovery it is done using the secure SCP protocol.
  • Warm standby database servers are maintained by replication over a private LAN and SSH tunnels.
  • All Square Systems' servers are firewalled (using iptables) and use intrusion detection software (Snort). Again, these items are managed by Square Systems' administrators only.
  • Apart from functions that inherently require public access, such as web servers, Square Systems does not allow any third-party access to its servers.
  • The Opinion8 system is designed so that access to the database can only be obtained by users who are authenticated by the Opinion8 application.
  • Authentication is through a login to the Opinion8 application via a web-based user interface using 256-bit SSL encryption.
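
The SSH policy stated above (key-pair authentication only, root login disabled) can be checked against a server's sshd_config. The following is an added example, not Square Systems' own tooling: the sample configurations are constructed, and the checker reads only the global section (it stops at the first Match block and does not follow Include), applying sshd's rule that the first value given for a keyword is the one used.

```python
# Added example: audit the global section of an sshd_config against the
# policy described above (public-key authentication only, no root login).
REQUIRED = {
    "permitrootlogin": "no",          # root SSH login disabled
    "pubkeyauthentication": "yes",    # key-pair authentication enabled
    "passwordauthentication": "no",   # no password fallback
}
# Upstream OpenSSH values used when a keyword is absent from the file.
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
}


def effective_settings(config_text):
    """Return {keyword: value} for the global section of an sshd_config."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()            # keywords are case-insensitive
        if keyword == "match":                # conditional blocks: out of scope
            break
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(keyword, value)   # sshd keeps the first value seen
    return settings


def audit(config_text):
    """Return a list of (keyword, found, required) policy violations."""
    settings = effective_settings(config_text)
    violations = []
    for keyword, required in REQUIRED.items():
        found = settings.get(keyword, DEFAULTS[keyword])
        if found != required:
            violations.append((keyword, found, required))
    return violations


# Constructed samples. In SAMPLE_WEAK the later "no" never takes effect.
SAMPLE_WEAK = "PermitRootLogin no\nPasswordAuthentication yes\nPasswordAuthentication no\n"
SAMPLE_HARDENED = "PermitRootLogin no\nPubkeyAuthentication yes\nPasswordAuthentication no\n"
```

An empty result from audit() means the global section meets the stated policy; each tuple otherwise names the keyword, the value sshd would use, and the value the policy requires.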

RESILIENCE


  • The hosted Opinion8 application is a distributed system.
  • It is designed in such a way that connection between the two main components (telephony servers and web servers) is via https. This enables the components to be situated on different sites even allowing the telephony servers to be sited behind firewalls on corporate LANs.
  • Servers are connected via a high speed LAN. There is also an off-site standby system (in London Docklands) providing off-site backup and disaster recovery.
  • All servers run a RAID 1 hard disk system with a hot standby disk.
  • RAID level 1 is disk mirroring, which is implemented so that the system will continue to run and boot in the event of a disk failure.
  • The hot standby disk will automatically be incorporated into the RAID in the event of one of the disks failing.
  • The database is replicated between two servers on the main site as well as to a server on the remote site. This ensures that there is a live copy of the database on both sites as well as two copies on the main site.
  • The main site has two web servers primarily for redundancy but also to provide load sharing if required.
  • A web server is also available on the remote site to provide a recovery option.
  • In addition to the replication, the database is backed up every night and a rolling seven day set of backups is kept. This gives the capability to recover data in the event that there is an accidental loss in data which is replicated between the standbys.
  • The telephony servers are serviced primarily via interconnects to Gamma Telecom.
  • The way that Gamma Telecom delivers the calls to the Opinion8 telephony servers ensures that if a call is not answered on one server it automatically tries another. This means that in the event of a failure of the primary telephony server, calls will automatically be forwarded to the secondary telephony server which is configured to process the calls in the same way as the primary.
  • Additional service providers (DIDXchange, DID Worldwide, Magrathea Telecommunications and aql Telecommunications) are also used for both inbound (to Opinion8) and outbound call traffic, thereby providing some independence between suppliers.
  • We have taken steps to protect ourselves against cyber attacks. We have successfully completed Cyber Essentials’ questionnaire and vulnerability testing, which specifies the technical controls required for IT infrastructure. For more information see https://www.itgovernance.co.uk/cyber-essentials-scheme.

SERVICE QUALITY & UPTIME RELIABILITY


  • In 2017, Opinion8 hosted seven million surveys. We expect our website to be available at least 99.9% of the time. We are so confident in our website’s reliability that, for every 30 minutes our site is unavailable over 0.1% of any month, we undertake to refund one day’s worth of monthly minimum charge (per survey), up to a maximum amount of the total monthly minimum charges.

TECHNICAL ARCHITECTURE OF OPINION8 IVR


Opinion8 is a distributed system with different components of the system running on different computers which may be in different locations. An Opinion8 telephone survey is handled as follows:

  • The call arrives on the Opinion8 voice server.
  • The voice server makes a request to the controlling web server to run a survey, saying it has a call from a given telephone number.
  • The Opinion8 web server sends the appropriate survey to the voice server.
  • The voice processing equipment in the voice server runs the survey.
  • At the end of the call, the voice equipment sends the survey results and any verbatim comments left in response to open questions back to the web server.
  • Calls to Opinion8 can be transferred via the agent, automatically, or you can use call-back.

OPINION8 SECURITY


  • The Opinion8 security model supports data segmentation at customer and survey level.
  • The administrator and all users can only ever see data that belongs to their organisation.
  • These rules are enforced by the Opinion8 application which uses consistent modules to access data throughout the application.
  • The application is designed in such a way that no Opinion8 customer can access any information about other customers.
  • Mandatory filters can be applied to individual users so they can only view certain subsets of the data. This could be data from their team or call centre, for example.
  • Passwords for each user account are one-way hashed using SHA-256 with a unique salt value.
  • On previously failed logins, or login attempts from unknown IP addresses, a captcha image will appear.
  • All user login attempts, successful or otherwise, are logged to the system.
  • Each user's IP address is logged to our system.
  • After a period of inactivity, applications are automatically locked. Users must reconfirm their password to unlock the application.
  • All user interaction on the Opinion8 reporting site is via HTTPS.
  • Our Internet connectivity provider, HNS, provides us with Denial of Service protection.
  • We only install packages from known sources, i.e. GPG-validated online repositories.
  • Only the Managing Director and the Service Delivery Director have access to the Opinion8 application as super-users. Super-users are users who inherently have access to all the surveys configured on the platform. All other staff have access only to the clients they deal with on a day-to-day basis.
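
The login controls listed above (salted SHA-256 password hashes, a captcha after a failed login or from an unknown IP address, and logging of every attempt with its IP address) fit together as in the following added example, which is not Opinion8's code. All names are hypothetical, and it assumes that an IP address becomes "known" once it has been used for a successful login to that account and that the failed-login flag clears on the next success.

```python
# Added example: the login checks listed above, as one flow. All names
# (USERS, KNOWN_IPS, FAILED, AUDIT_LOG, attempt_login) are hypothetical.
import hashlib
import hmac
import secrets

USERS = {}       # username -> (salt, SHA-256 digest)
KNOWN_IPS = {}   # username -> IPs seen on successful logins (assumption)
FAILED = set()   # usernames whose previous attempt failed
AUDIT_LOG = []   # every attempt: (username, ip, outcome)


def hash_password(password, salt):
    # One-way hash: SHA-256 over the per-user salt followed by the password.
    return hashlib.sha256(salt + password.encode("utf-8")).digest()


def register(username, password):
    salt = secrets.token_bytes(16)   # unique random salt per account
    USERS[username] = (salt, hash_password(password, salt))
    KNOWN_IPS[username] = set()


def captcha_required(username, ip):
    # Captcha after a failed login, or when the IP is not yet known.
    return username in FAILED or ip not in KNOWN_IPS.get(username, set())


def attempt_login(username, password, ip, captcha_ok=False):
    if captcha_required(username, ip) and not captcha_ok:
        outcome = "captcha_required"
    else:
        salt, stored = USERS.get(username, (b"", b""))
        # Constant-time comparison avoids leaking how many bytes matched.
        if hmac.compare_digest(hash_password(password, salt), stored):
            outcome = "success"
            FAILED.discard(username)
            KNOWN_IPS.setdefault(username, set()).add(ip)
        else:
            outcome = "failure"
            FAILED.add(username)
    AUDIT_LOG.append((username, ip, outcome))   # logged, successful or not
    return outcome
```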

MONITORING HOSTING ENVIRONMENT


  • All significant performance indicators like CPU, memory, network, disk space and processes on all Opinion8 servers are monitored in real-time.
  • Full historical records are available, enabling us to predict future resourcing requirements and plan capacity.
  • Key staff are alerted by SMS and email, on failure of key processes or when performance metrics fall outside of defined acceptable limits.
  • The monitoring system used is the open source monitoring solution Zabbix.
  • As we manage the Zabbix implementation ourselves, we do not need to provide third party access to our survey platform.
  • Our Zabbix monitoring server is positioned at another physical location thereby providing a true remote view of our platform.

DATA VALIDITY


  • Opinion8 users are not able to alter the answers to surveys. Therefore, in the vast majority of cases the reporting is an entirely accurate reflection of the surveys participated in.
  • Particular responses, however, are occasionally deleted by Super Users for the following reasons:
      1. The responses were due to testing;
      2. The responses contained abusive verbatim;
      3. The responses contained verbatim which included personal information about the caller, which due to Data Protection policy needed to be removed.
  • Response deletion:
      1. Can only be performed by specific Opinion8 administrators;
      2. Is only performed on request and at the discretion of Square Systems;
      3. Is subject to controls which are put in place on a client-by-client basis, specifying who and under what circumstances a response can be deleted.

HIDDEN RESPONSES


  • Users can be given the permission to 'hide' responses from the web reporting. This permission is not enabled by default and needs to be requested.
  • Some clients find this facility useful, particularly when the Opinion8 survey is being used for 'staff engagement' purposes. Managers may decide, for example, to hide unfair or particularly negative feedback from the reporting.
  • Hidden questionnaires are fully audited. Reports exist to show hidden questionnaires, the reason why they were hidden and by whom.
  • Additionally, hidden questionnaires can be 'unhidden' and made to appear in the reporting as usual.