Your security, our concern
Award Force uses best practice security measures to protect you,
your company, your judges + entrants, and their personal data
You’re concerned about security. So are we.
We really must be. It seems like almost every day you hear of some large enterprise being hacked and an enormous breach of privacy occurring. It’s often shocking, the apparent lax security of organisations large and small.
Whether you’re running an awards program, grant program or similar, chances are you are collecting personal information from your participants, or commercially sensitive information. It’s vitally important to protect this with the best available technologies and practices. Award Force does that. If you’re evaluating other potential providers please be certain they take security and privacy very seriously too— unfortunately it’s not a given.
We are confident that we have one of the most secure online application + evaluation solutions worldwide. If not the most secure.
GDPR & CCPA compliant
Award Force is packed full of features to help you maintain your General Data Protection Regulation (GDPR) and Californian consumer Protection Act (CCPA), compliance. Users have access to consent options during registration, can set their notification preferences at any time. You can identify fields with personal/sensitive data to apply additional levels of security, or assist your users with any privacy requests; download user data for information requests or permanently delete a user on request.
ISO/IEC 27001 certified
ISO 27001 is a specification for an Information Security Management System (ISMS), set by the International Standards Organisation (ISO). Award Force has been independently audited and verified to fulfil the requirements of the ISO / IEC 27001 : 2013 standard. When dealing with Award Force, you can be confident that your participants’ information remains confidential, the integrity of this information is maintained and is readily available at all times.
Individual users can choose to increase protection of their account against unauthorised access by enabling multi-factor authentication (MFA). MFA can also be required for specific roles with elevated access levels. The primary authentication method after password is a Time-based One-Time Password (TOTP). Backup recovery methods include recovery codes and SMS.
In keeping with best-practice security, all data at rest (in our databases) is stored encrypted. All data in transit (including login credentials and credit card details for paid entry awards) is protected using TLS 1.2 (https) by default, with 256-bit encryption key and SHA-256 signed certificates.
Award Force databases are mirrored in real time across separate geographic locations for resilience. Databases are backed up daily and retained for 30 days. Uploaded media is stored in Amazon S3, meaning it is redundantly stored across multiple geographic locations and multiple devices in each location, for ultimate redundancy.
Roles and permissions access control
Award Force has an extensible system for defining user roles and associated system use permissions so that your users can only access functionality they’re permitted to, whether they be entrants, judges, coordinators or managers.
Credit card data
Award Force is fully compliant with the Payment Card Industry Data Security Standard (PCI DSS), integrating with 3rd party payment gateways for credit card payment handling on paid entries. Customer credit card details are not stored in Award Force databases, only passed directly to the payment gateway.
We manage our own server instances on Amazon’s AWS infrastructure. Award Force accounts are never in a hosted environment shared with other unknown companies or websites. Our multi-server architecture is secured in a Virtual Private Cloud (VPC).
The Award Force private cloud
At Award Force we operate our own high-resilience Virtual Private Cloud (VPC). All our application stack physical infrastructure and data storage is within Amazon Web Services (AWS) data centres in the EU. AWS data centre and network architecture are built to comply with stringent global standards and meet the requirements of the most security-sensitive organisations.
AWS data centres are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilising video surveillance, intrusion detection systems, and other electronic means.
Have more questions?
Download our CAIQ questionnairre
The Consensus Assessments Initiative Questionnaire (CAIQ) v3.1. offers an industry-accepted way to document what security controls exist in IaaS, PaaS, and SaaS services, providing security control transparency.
Frequently asked security questions
Award Force uses Amazon Web Services (AWS) infrastructure to host the system. Our application and database servers are located in the European Union. For security reasons, Amazon does not publish the physical locations of their data centres. Media files will be stored in one of 3 global regions (your choice between Europe, North America or Asia Pacific) for smooth viewing/listening experience and performance.
Yes, custom domains are available on the Pro plan.
The Award Force application is packed full of features to help clients maintain GDPR (General Data Protection Regulation) compliance. In our opinion, GDPR is the most stringent and robust user privacy law worldwide – as such, complying with GDPR ensures our coverage of some lesser known or less stringent alternatives.
Yes, we are more than happy to pass along our ISO 27001 certificate, penetration testing results and PCI-DSS attestation. Please get in contact to discuss.
More features for you
Managing your program
Powerful configuration options. Easy program management. Relaxed teams.
Sophisticated yet easy to use.
Helps your judges make great decisions.
Entrant experience and usability
All the features to help your entrants submit better, and more entries.
Features to help you match your brand and extend your visibility