Smallbox is proud to be a Canadian based company with its headquarters in Victoria, British Columbia. Our Content Management System (CMS) was designed with security in mind and adheres to best practices in this area. Our CMS supports the following mission critical websites: BC Film Commission, BC College of Pharmacists, City of New Westminster, Exhibition Place, QuitNow and UBC Planning. We are familiar with government protocol and the need for Canadian based content and technology.
As a result we only use Canadian service providers whose business operations are based in Canada. Smallbox runs what are referred to as Managed Servers meaning we have the servers configured to our specific needs and they are available only to us. All server administration is done securely through the encrypted SSH protocol. This is further secured by only allowing secure 2048 bit key authentication (no passwords allowed). Our servers are behind a firewall.
The following questions are ones addressed by our server provider Robson Communications Inc.:
Q: Are all your datacenters located in Canada?
A: Yes. Our datacenters are located in Vancouver, Calgary and Toronto. Having datacenters located in multiple geographic locations delivers the level of redundancy needed to ensure information and resources are always available – online and on-demand.
Q: Does Robson store information outside of Canada?
A: No. We only store information in Canada. When your private information is stored in the US it may be subject to American laws like the Patriot Act, which would in turn run the risk of breaking Canadian privacy laws. Whether you’re located in Canada, the Unites States or the European Union, your private information is more effectively and consistently legally safeguarded when it is stored in Canada.
Smallbox takes the overall security of our software and server environment very seriously. We review our software on a regular basis and sourced our current server provider based on their knowledge, expertise and track record . Separating the hardware from the software was a decision made many years ago to ensure there is a team dedicated to the security, reliability and maintenance of hardware just as we do for the software.
We are familiar with Canadian privacy laws surrounding the collection and storage of user data and have reviewed the FIPPA and PIPA acts and have been assessed and deemed compliant though other corporate projects.