Infrastructure

Medallia Agile Research infrastructure is designed to provide reliability, security, smart backups, and speed.

  • Reliability — The Agile Research SaaS platform is hosted in multiple data centers on multiple continents. Agile Research uses redundant hardware and load balancing to deliver unmatched up time and performance.

  • Security — All data is stored in Class A data centers with extensive physical security. Agile Research receives regular security audits, adheres to security best practices, and was the first survey tool with Two Step Verification.

  • Smart backups — All data is synchronized between data centers in real-time, with multiple copies being stored on multiple machines on multiple hard drives.

  • Speed — The Agile Research load-balanced multi-data center infrastructure is tuned for speed. Agile Research software is stateless, service based, has a small footprint, and makes significant use of a CDN.

Where is data stored?

Agile Research is an enterprise survey platform, and you can choose where your data is stored. Locations include the Canada, Virginia (U.S.), Ireland, and Singapore.

Data storage locations.

HIPAA, GDPR, and CCPA compliance

Agile Research is an enterprise-level platform serving government, healthcare, and financial clients; as such, privacy and security compliance is a priority.

Agile Research is compliant with major privacy and security regulations, which is built upon three pillars:

  1. Administrative safeguards — These safeguards include policies and procedures put in place to ensure the proper employee management, training, and oversight for staff that come into contact or manage personally identifiable information (PII) and protected health information (PHI). These safeguards also include providing tools to our clients to manage and limit the access to PII and PHI to certain user roles and specific users within their own accounts. This includes having agreements in place with service providers that perform covered functions. These agreements, called sub-processor agreements and Business Associate Agreements (BAAs), ensure that these service providers (Business Associates) process and safeguard PII and PHI in a secure and compliant manner.
  2. Technical safeguards — These safeguards include encryption at rest and in transit, firewalls, logging, encrypted data storage, business continuity, and fine-grained data retention rules controlled by our clients.
  3. Physical safeguards — These safeguards include the use of multiple class A data centers, data redundancy, data region isolation, and access to servers.

These pillars are covered extensively in our Data Processing Agreement.

Certificates of our hosting environment

  • PCI DSS Level 1 — Agile Research runs applications on PCI-compliant technology infrastructure for storing, processing, and transmitting credit card information in the cloud.
  • SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70 Type II) — The SOC 1 report audit attests to control objectives that are appropriately designed and that the individual controls defined to safeguard customer data are operating effectively.
  • ISO 27001 — ISO 27001/27002 is a widely adopted global security standard that sets out requirements and best practices for a systematic approach to managing company and customer information that's based on periodic risk assessments.
  • FISMA Moderate — FISMA requires federal agencies to develop, document, and implement an information security system for its data and infrastructure based on the National Institute of Standards and Technology Special Publication 800-53, Revision 3 standard.
  • FIPS 140-2 — The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government security standard that specifies the security requirements for cryptographic modules protecting sensitive information.