How do I Create a Secure Form?
To create a form for collecting sensitive information, use these guidelines:
- All Formsite forms use secure ("https") links by default. Secure links begin with "https", which is short for "HTTP secure". To collect form results securely, you must distribute or embed these secure links. If you change the "https" at the beginning of a link to plain "http", it will no longer be secure.
- Enable the "Secure Form" setting on your form's "Settings -> Security" page to enforce security features. Our default security allows you to create forms that can collect and handle data securely, but it's your responsibility to take advantage of security features when appropriate.
- Collect credit card numbers only with the Credit Card item type. This item type will automatically mask card numbers where appropriate.
- For Notification emails, use the "Send as password link" setting or use Results Views to exclude all items containing sensitive information (like credit card numbers or social security numbers). Email does not transfer data securely and should not be used to send sensitive information.
The "Secure Form" Setting
Forms collecting sensitive information should use the "Secure Form" setting, on your form's "Settings -> Security" page. The "Secure Form" setting affects the following:
- Insecure links: Any insecure ("http") links will refuse submissions.
- Results Reports: Any newly created Results Reports will require a password.
- Potentially insecure actions: Warnings will appear next to settings and features that, when used incorrectly, may result in data being handled insecurely.
Note: The "Secure Form" setting will only disable functionality that is guaranteed to be insecure. To remain flexible for as many users as possible, other features remain enabled but are noted as "potentially insecure". That is, insecure only when used incorrectly. When in doubt, refer to the guidelines in the section above.
Secure Results Files
Files uploaded with form results can optionally be secured by enabling the "Require login to access files" setting on your form's "Settings -> Security" page. This setting provides an encoded link for files which requires you, or your Sub-users, to be logged in.
By default, all forms are protected by an automatic reCAPTCHA. If an unusual pattern of submissions is detected for your form, a reCAPTCHA will selectively appear to prevent abuse. You can also customize the reCAPTCHA to always appear or never appear on your form's "Settings -> Security" page.
For compatibility with reCAPTCHA, it is best to make your forms at least 300px wide.
Increase your account security by enabling two-factor authentication (2FA). This connects a mobile device to your account to pass a time-sensitive passcode along with your username and password during login.
- Authentication: The safety of your account identification information is taken very seriously and is always encrypted in transit and at rest. Account passwords are subject to minimum complexity requirements. Login is required to access collected data and files by default.
- Authorization: Once authenticated, only your account, or sub-user accounts with correct permissions, will be able to perform actions on your data by default. We also offer secure options to share your results. We strive to maintain as tight controls on actions as possible. You may further customize your user and form permissions.
- Accounting: Access and activity to accounts and data are routinely logged and analyzed. This information is then regularly used for security reviews and monitoring, as well as performance maintenance. Major activity in your account is also logged and viewable online.
- Encryption: All data stored in your account, including data you collect with your forms, is encrypted at rest using the AES-256 encryption algorithm.
System and Network Security
- All Formsite servers are colocated exclusively in a cloud-based architecture with Amazon Web Services (AWS) using their datacenters with hosting in the United States. Find complete information on AWS Security on their security page. In addition to our own staff, AWS provides expert support and system maintenance.
- Formsite uses high-grade SHA-256 RSA encryption for secure (https) connections over TLS, the same level of security used by banks and other financial institutions. The AES-256 encryption algorithm is used to encrypt data at rest.
- High performance, stability, and DDOS mitigation are achieved through the use of load-balancing on public-facing servers, as well as redundant processing instances and databases across different physical locations. This allows us to support high traffic loads across our user base with high uptime.
- Formsite servers are routinely monitored and tested by internal and external PCI and system scans, and kept up to date with important security patches and software. Automated monitoring is also in place with the ability to alert Formsite personnel.
- Secure network access is enforced by multi-tiered firewalls, custom system configurations, and multi-zoned networks.
- All Formsite personnel are trained and regularly updated with the latest best practices regarding security and threat management.
- Access to Formsite resources is reserved solely for employees of Formsite, with minimal access permissions as needed.
- Activity on Formsite servers and networks is constantly logged and audited. Access to systems and data is highly restricted to only essential skilled personnel, and activity is both tightly controlled and monitored. Our staff also use best security standards, including two-factor authentication, private key-protected secure shell, secure VPN, etc., where possible.
Business Continuity and Disaster Recovery
- 24/7 monitoring and intrusion prevention systems are enacted for all public-facing services.
- Robust alert systems, secure processes and systems allow vital Formsite personnel to respond to issues within minutes at any time.
- Disaster recovery plans are in place, reviewed regularly, and distributed to all necessary Formsite personnel.
- Our system and network architecture provide a high degree of fault tolerance and recovery, both in security and performance. Important systems have redundancies in place to support fail-over processes and are also backed up routinely.
- Backups of all vital systems and data are taken regularly, and copied as appropriate to secure locations in order to provide contingencies across multiple systems and locations.
- Results data can be exported from your account, allowing you to create personal backups.
- We use technologies including Java, Linux, and MySQL to develop Formsite.
- All software produced by Formsite personnel is subject to regular screening, review, and testing, and is also held to best practices and industry standard guidelines in order to reduce vulnerabilities.
- Testing on all software is performed in multiple test, or "sandbox", environments before reaching the production environment.
- Advanced code deployment systems allow us to be able to develop and distribute patches or updates to our code quickly and safely should the need arise due to a bug or vulnerability.
- Formsite is PCI 3.2 compliant. Our servers pass routine PCI compliance scans and we will provide our scan certificate upon request.
- We are PCI compliant with respect to the handling of billing information for Formsite accounts.
- All payment integrations are PCI compliant (PayPal Standard, PayPal Pro, Braintree, Authorize.net, Stripe).
- If you elect to collect credit card information on your form, it is your responsibility to maintain the PCI compliance of your entire account.
- Collect credit card numbers only with the Credit Card item type.
- Do not collect the three or four digit CVV/CSC number. Under no circumstances is this ever allowed for PCI compliance.
- Upgrade to the Pro 3 level and use the Two-factor authentication feature for your login and any Sub-user logins. This will satisfy many PCI requirements with respect to protecting account credentials. If you elect not to use Two-factor authentication, you must adhere to username and password requirements outlined in PCI standards.
- Data must be removed prior to account inactivation and/or when data is no longer needed. It is your duty to remove the data after it is no longer needed or upon account de-activation.
- Results Reports should not be used as a means of sharing card holder data.
- Your share of responsibility extends to any actions that are in your control that are outlined in PCI standards. Formsite has covered all of the areas outside of your control.
- If in doubt of your compliance, we urge you to use one of the payment integrations. Formsite takes all responsibility for the compliance of the payment integrations.
Security Breach Response
While Formsite follows best practices and makes security a priority, transmitting and storing data will still carry some inherent risk. Due to this, we have procedures to enact should a breach occur. In addition to the monitoring and alerting systems mentioned above, our procedures also include contacting account holders by email or placing notices on our main website or within each account, as needed. We also maintain support round-the-clock to communicate with our users and address further questions and concerns.
Formsite offers many advanced features and functionality. Therefore, security of your data also relies upon your responsible usage. We provide many features, as noted above, to help protect your data. Responsible usage includes, but is not limited to, keeping your passwords and sensitive account information safe, publishing secure form links, and handling your published results data safely. Any data you distribute should be as limited in scope as possible, and use relevant security features, such as password protection, where possible. In addition, your data security also relies upon the security of any devices or networks that you use to access your Formsite account and data. This includes keeping your computer or device up to date with security patches, enforcing user security standards, and storing and deleting downloaded files safely. For more information on the responsibilities of using Formsite, also see our Terms & Conditions.
Due to our large and varied user base, requests for further specific details or custom security assessments may require a certain level of service. You may also see more details about the features included with each level of service on our pricing page or detailed pricing page. For large existing or potential accounts, we also offer several additional Enterprise services, including White Label and HIPAA Compliant services.