We recently found out that we lost a prospective client to a competitor. The reason? Price. A competitor agreed to run this election for less than what we were going to run it for. The project was a web election for about 15,000 members.
We’ve heard of this competitor before and were always curious about them because they don’t have a physical business address listed on their website. After a little digging to find out where they were located, it turns out the competitor’s business address is a personal residence – that’s right, this election service company is being run out of someone’s home.
We were a bit shocked. Not that it was a home-based business; there are more than 28 million of those in the U.S., after all. No… what we couldn’t believe was that a financial institution went with a “bargain” election and chose an election provider that will most likely not be able to follow best practices to keep member data and their election information safe.
There are definitely certain elements your organization will not get if you choose to go with a “cut-rate” election. What’s missing?
A private server environment that guarantees 99.9 percent uptime
Your organization’s name, reputation and member experience is tied closely to your election process. If your online election goes down, you’re going to hear about it – and your members won’t be happy.
It’s vital that your election technology be hosted in a place where it will remain secure, up and active. Think a business run from someone’s home is linked to a server environment that guarantees uptime and is monitored 24/7 by highly trained and certified engineers? Probably not.
When selecting a potential election partner, ask “Where is my election going to be hosted and what is the uptime guarantee?”
Programmers on staff
In-house programmers ensure online voting systems and election technology stays up-to-date with the latest security and is immediately flexible to the needs of your members.
When coding and programming are outsourced, adjustments and updates are only done periodically. This can compromise measures needed to make applications completely secure. And it can significantly delay updates too.
Ask your potential elections partner, “Are your programmers on staff and how quickly we can make changes to code in an emergency?”
A secure process for member databases
It is essential that your member databases be protected through secure encryption, firewalls, hard passcode policies, active monitoring processes and limited access by credentialed experts. These steps defend sensitive information from loss, intrusion/hackers and breaches of confidentiality.
Your data is critically important to your organization’s reputation. If member data or election information is compromised during your election, your members not only lose faith in the election but the organization itself. You don’t have to look further than recent headlines to see the effect a data breach can have on an organization (Target, Home Depot, etc.)
Ask your election provider, “Can you demonstrate how you are going to keep my member database, documents and election information safe at every point during my election?”
A documented process for physical elements of your election
Checks and balances guarantee the integrity and accuracy of your final and certified election results. Election partners should have documented procedures, accountability and chain-of-custody policies that are defensible and provide for accurate results. Locked vaults, check-ins and daily delivered counts offered by credentialed staff with limited access are a must.
Ask your election partner, “Can you show me the chain-of-custody for the paper pieces involved with my election and describe the physical security you use to keep my election safe?”
A disaster recovery plan
If disaster strikes, what happens to your election data? An election partner should have in place a process to keep member and voting data safe in case of a disaster. Election data needs to be co-located at least 200-300 miles apart.
Ask your election contact, “Where is my data co-located and what is your disaster recovery plan?”
When we considered the situation with this financial institution opting for a “bargain” election, a few other questions made their way into our discussions:
- Would the leaders, CEO and IT team of this member organization be ok with their election being running out of a home office or basement?
- Would the members of this financial institution be ok with this situation?
- Are there appropriate security precautions and features in place to keep this election safe?
- Knowing the risks, is it worth it to save about $1,500 on a project like this and not have the above security precautions in place?
We all agreed the answer was a resounding, “No.”
SBS understands the need for cost-effective election solutions and we strive for them in every client situation, but never at the expense of an organization’s reputation and putting member data in harm’s way.
With a new year and new elections on the horizon, the time is now to evaluate your third-party election provider. If they take your elections seriously and put a high priority on security, data back up and privacy, they’re on the right track. If they are running your election from a home, basement, garage or won’t give you straight answers to the questions above, it is time to find a new partner.
How would you feel if you found out your election was being run similar to the situation listed above? Let us know in the comments below. For more information about the importance of security and privacy, contact us.