360 Review Feedback Q&A

Upcoming 360 Webinars

More Info
More Info
LiveChat









Fully Administered
Fast turnaround
Simple, Intuitive Reports
Very Quick to Complete
Complete Customisation
Learning Library Support
Choice of Frameworks
Process Tuning
Multi Lingual
Online Drill Down
Transparent Pricing

360 Feedback Security

When tendering for 360 Degree Feedback systems or services consideration of security and confidentiality is often overlooked or considered in insufficient detail. This is completely understandable since most HR managers have a lot more pressing issues to consider than the relative merits of https over http protocols! However the implications of inadequately specifying the management of your companies data can range from the merely irritating to loss of confidence by staff and even litigation if data is lost or maltreated.

In a recent bid a client informed us that she was amazed at the number of 360-degree suppliers who had not even registered with the appropriate Data Protection Agency. As with many things in life not all 360 Degree Feedback providers are born equal, and it may well be to your benefit when considering potential providers (or even reviewing your own supplier) to ask a few judicious questions... There are several areas of security to consider;

Access:

  • How secure is access to the service for your staff?
  • How strong is the password protocol used?
  • How flexible is the password protocol?
  • What level of security is used for collection of data?

Redundancy:

  • What back up procedures does the supplier have in place?
  • What and where is the weakest data loss point in the system?
  • Is data back up in real time or in batch?
  • How many servers are available and where are they?

Privacy and Consent:

  • Is the 360 Feedback data management statement clearly available to your staff?
  • Do you need to seek consent from staff to proceed with 360 degree systems?
  • Do you provide opportunity for staff to decline to proceed?
  • Is your supplier registered with the appropriate Data Protection Agency?
  • Where is the supplier’s commitment to Data Protection located?

Confidentiality:

  • Who has access to staff’s feedback?
  • What purpose is the data used for?
  • Is the data accessed by any staff other than the respondents?
  • How do you convince staff that their feedback is treated with respect and confidentiality?

Resilience:

  • What happens when internet connection is lost?
  • How quickly can the system be available when there is loss of service?
  • What is the possible worst case data loss scenario?

How Secure is your 360 Feedback Software?

Depending on your business size and 360 degree feedback software need some or all of the above may be relevant to you. If you have any concerns about the level of security required for your business, or have any other questions about 360 degree feedback systems or services we would be delighted to help in any way we can…. CR360° – providing 360 Feedback since 1997.

The issue of 360 degree software security is becoming more and more important. The responsiblity to manage individual data appropriately is an ever increasing problem. In broad terms any individual has the right to view any personal data stored about them, and people are using this right more frequently. Even if you decide you maintain the 360 data yourself, the following may be informative.

If you are using a 3rd party it is critical that you take the time to consider the technological and philosophical integrity of the supplier you might be considering. In order to compare 360-degree software suppliers, it would be very unwise not to consider the level of protection and security that your 360 degree software supplier has invested in. The following provides some pointers for your to consider;

1) Personal Data Protection

Is the supplier registered with their national Data Protection Agency? Is the suppliers philosophy and commitment document readily available? Are users informed as to how their data will be saved and used BEFORE they complete a questionnaire? Do users have the option to decline on privacy grounds? Is the supplier accredited by any independent bodies (BS7799, ISO 27000), or can they provide evidence of data risk assessment and management? Is data encrypted? If so what data is encrypted, and what levels of encryption are used?

2) Access management (online systems only)

What happens if there is an access failure? Even more importantly while questionnaires are being completed? Where are the possible points of failure in the system, how many are there and what is the recovery process for each possible failure? What is the worst possible failure mode? How many servers does the supplier use? Where are they? How do they communicate with each other

3) Data security

How does the supplier prove to you that they have built their 360-degree software as securely as possible? How is data backed up on the system? Are the application databases synchronised in real time? What type of hardware does the supplier use? Does the hardward use any type of automatic back up (eg RAID) technology? Are servers dedicated/virtual/shared?