Security and Reliability

Simply Voting was designed from the ground-up to minimize the risk of electoral fraud or breach of secrecy:

  • Voters who bypass authentication or have already voted are denied access to the ballot.
  • One-vote-per-voter is guaranteed by marking electors as voted and storing the vote in a single transaction. Even if a voter submits the ballot simultaneously on several devices, this technology guarantees that only one vote is accepted.
  • Ballots are rigorously checked for validity before being accepted.
  • All administrator and voter activity is logged with timestamp and IP address.
  • Communication between the voter's computer and our website is encrypted with TLS 1.3 and strong cipher suites to protect against current and future encryption attacks.
  • The entire voting system database is encrypted at rest using AES-256 encryption.
  • Our servers are "hardened" and are subjected to daily Trust Guard PCI Compliance security scans.
  • Our voting system is regularly subjected to penetration tests by CyberHunter and source code security audits by HP Fortify.
  • Simply Voting adheres to guidelines established by the Open Web Application Security Project.
  • Any change to the voting system must pass an internal security review before going live.
  • All staff workstations are kept up-to-date and protected by access password, firewall, anti-virus, anti-spamware and disk encryption.
  • We authenticate our emails with DomainKeys Identified Mail and the Sender Policy Framework to protect voters from phishing attacks.
  • Our servers are protected by a very powerful firewall, FortiGate Unified Threat Management, which includes an Intrusion Detection System (IDS) and a redundant firewall on hot standby. Webservers are further protected by the ModSecurity Web Application Firewall (WAF).
  • Network access is protected by a Virtual Private Network (VPN) and Two-Factor Authentication (2FA).
  • Simply Voting uses an automated and always-on solution from Radware to protect against Denial of Service (DoS) attacks.
  • We use redundant Anycast DNS deployments which protects against DNS-based DDoS attacks.

Fully Hosted & Reliable

Don't worry yourself about servers, IT staff, installing software or taking backups. Simply Voting gives you instant access to the latest technology and is ready to process millions of votes around the clock.

Simply Voting is built on an enterprise-class cloud computing service powered by high performance IBM hardware, with full redundancy across the entire infrastructure (no single points of failure). Our data centre is in a stable mountain zone, away from earthquake, hurricane, tornado, and severe weather zones. The data center contains advanced power, cooling and security infrastructure, and Cisco Data Center 3.0 network architecture. It is staffed 24x7, backed-up by an offsite network operations center. We also use several Anycast DNS clusters to ensure fault tolerance at the DNS level.

Simply Voting uses third party offsite monitoring tools to automatically monitor key “vital signs” of our voting system 24x7 and a technical staff member is immediately notified of any anomaly. Simply Voting maintains a Disaster Recovery Plan as well as a Hot Site at a backup data center in a different geographical area. The Hot Site is synchronized with the primary data center using remote database replication. Should the primary data center experience an outage, we have the capability of quickly redirecting traffic of the entire voting system to the Hot Site, minimizing disruption to ongoing elections and avoiding any loss of data. You can rest assured that your election is always protected and available in the case of a disaster.

For telephone voting, Simply Voting uses industry leader Plum Voice as a voice-to-web interface layered on top of our online voting system. Every component in the Plum Voice, fault-tolerant infrastructure has a backup and Plum's platforms have been tested by billions of calls since 2000. Plum's PCI Level 1 compliant operation actively secures and protects applications and data from digital, physical, and social intrusion vectors. Thanks to Plum Voice's flexible technology Simply Voting can easily scale up or down the number of dedicated ports needed, and the telephone voting system can handle spikes well beyond that number.

100% Availability Guarantee

Simply Voting endeavours to provide the most reliable infrastructure possible for our online voting system. We guarantee that all functionality is available 100% of the time in a given month, excluding special planned maintenance. We will credit your account 5% of your election fee for each 30 minutes of unavailability (up to 100%).

Confidentiality

TRUSTe Privacy Certification

Simply Voting takes secrecy of the vote very seriously. It is impossible for election organizers to determine what a particular voter has voted as the results are anonymous. All voter information is removed from our servers if you choose to have the election deleted. We never make use of voter information for anything other than voting and never share such information with third parties. Our privacy policy and voting system have been independently certified by TRUSTe for compliance with their Privacy Certification and Trusted Cloud requirements.

SOC 2 Compliance

SOC 2 Seal

Simply Voting is SOC 2 Type 1 compliant. The SOC 2 is a widely recognized auditing standard issued by the American Institute of Certified Public Accountants (AICPA). An auditor’s report details a service provider’s ability to offer adequate controls and safeguards when they host or process data belonging to their customers. The audit focuses heavily in the areas of security, availability and confidentiality. It addresses important topics such as backup and recovery, computer operations, and human resources. The data centers where Simply Voting servers are located are similarly SOC 2 Type 2 compliant. This attestation is an independent validation of the quality, integrity and reliability of Simply Voting's infrastructure and services.