What is Secure Form?
FormSite's Secure Form setting refers to additional advanced security measures applied to your FormSite account, forms, and results. Our default security allows you to create forms that can collect and handle data securely, however it is your responsibility to take advantage of these advanced features when appropriate.
Note: All forms at all service levels are able to access forms using https by default. What is https?
How Do I Create A Secure Form?
To create a form for collecting sensitive information using our advanced security settings, use the following guidelines:
- Use a Professional level account. Only Professional accounts can encrypt item results.
- For forms that send email Notifications, use the Secure Email email format, or use Results Views to exclude all items that contain sensitive information (e.g., credit card numbers or social security numbers). Email does not transfer data securely and should not be used to send sensitive information.
- Enable the "Encrypt Result" setting for each text field that collects sensitive information (e.g., credit card numbers or social security numbers).
- Enable the "Secure Form" setting on the form's Configure page to enforce security features.
Several terms are frequently mentioned when discussing online security:
- TLS - Transport Layer Security. This is the technology used to securely transmit data over a network. Some people refer to this as "SSL", which is the name of an older technology for the same purpose.
- HTTPS - HTTP Secure. This is how browsers securely transmit data to and from a website.
- encryption - This is a way to convert data into a format that cannot be read without a special key.
Short Answer, Paragraph, and Password Field items can store results in an encrypted format. Encryption is provided for data that needs "extra" security, such as credit card numbers and social security numbers. This type of data can be collected securely, but many organization have policies that it, further, must be encrypted when stored.
There is no limit to the number of items you can encrypt. However, for best performance, only enable encryption where appropriate.
The "Secure Form" Setting
To assist in enforcing security requirements, you can designate a form that collects sensitive information as a "Secure Form". This setting can be found on each form's Configure page.
The "Secure Form" setting affects the following:
- Insecure (http) links - Any insecure (http) links will refuse submissions.
- Reports - Any newly created Reports will require a password.
- Potentially insecure actions - Warnings will appear next to settings and features that, when used incorrectly, may result in data being handled insecurely.
NOTE: The "Secure Form" setting will only disable functionality that is guaranteed to be insecure. To remain flexible for as many users as possible, other features remain enabled but are noted as "potentially insecure". That is, insecure only when used incorrectly. When in doubt, refer to the guidelines in the "How Do I Create A Secure Form?" section above.
In order to securely collect data, you must distribute a secure (https) link to your form. Secure links will result in data being transmitted to and from FormSite securely. You can always determine whether a link is secure by checking that it begins with "https".
To get a secure link to your form, use the Publish page. All links are secure by default.
All FormSite accounts use a secure (https) connection when logged in. Viewing results within your account will be secure. However, once you download or export results outside of FormSite it is your responsibility to keep them secure.
FormSite uses high-grade SHA-256 RSA encryption for secure (https) connections, the same level of security used by banks and other financial institutions. Results that are encrypted use AES encryption, the encryption standard adopted by the United States government.
All FormSite servers are colocated exclusively in the cloud with Amazon Web Services. Find complete information on AWS Security here.