CivicPlus CivicPlus Add Approve Archive Arrow Down Arrow Left Arrow Right Arrow Up Attention Award Bar Chart Bookmark Bugs Clock Close Connect Conversation Decline Delete Desktop Download Email Email Favorite Add Favorite Flag Filter Menu Help History Home Idea Message Add Message Reply to Message Saved Message Messages Message Bubble Mobile Mobile Mobile Modify Notifications Remove Responsive Design Save Search Settings Facebook Facebook Facebook Twitter Twitter Twitter Support Upload Tools Users Video View

Local Government Website Security

You've got questions. We've got answers.

Q: When is CivicPlus available in the case of an emergency?

A: CivicPlus provides emergency support 24 hours/day, 7 days/week, and 365 days/year with a 1-hour response time.


Q: Why is your hosting so much more than (Wix, Squarespace, GoDaddy, etc.)?

A: It’s important to understand that we provide a very different service, and that the fees we charge cover more than just hosting. Our fees cover live support to answer questions and provide assistance; software updates, bug fixes & enhancements.


Q: Our IT team says they already have security measures in place?

A: That’s great! In working with over 3,500 cities and counties, we find that more often than not IT departments don’t have the resource they need to do everything. CivicPlus experiences attempted attacks on a weekly basis, which don’t penetrate our system. We average 1-2 attacks per month that require our full engagement. Our team and processes are pressure tested in real-world situations—based on our expertise and experience hosting with CivicPlus is one less thing for your IT department to have to stay on top of.


Q: Our provider says that we are covered and protected?

A. Many providers will have some security measures in place. Make sure you know what they are. For example, be sure to ask your current provider how they deal with disasters and how many data centers they are utilizing. Do they have a disaster recovery plan in place?

If working with a local provider, try and get a better understanding of their breadth, depth, and experience working with website security. A great question for a local provider is to ask where the servers are stored that your website resides on. If there is an emergency, were are the backup servers stored?

Also a good question is to find out what happens if there is a local disaster or are there backups in the office if someone goes on vacation? We are not saying that local providers don’t provide reasonable solutions, just make sure you know what they are before an issue comes up.


Q: What is hacktivism?

A: It is best described as electronic civil disobedience. It’s the act of hacking, or breaking into a computer system, for a politically or socially motivated purpose-- and it’s on the rise!


Q: What is a DDoS Attack?

A: A distributed denial-of-service DDoS attack is an attempt to make your site unavailable to users by overwhelming the site with traffic from multiple sources. CivicPlus has procedures in place to deal with DDoS attacks.


Q: What does CivicPlus in the event of a DDoS attack?

A: CivicPlus has a five-step process we execute for every client in the event of an attack.


Q: What is included with disaster recovery?

A: Disaster recovery includes a secondary geographically disparate site. This provides redundancy of the primary data center. This redundancy of infrastructure assures business continuity in the event of a disaster at your primary site. CivicPlus offers disaster recovery.


Q: What is RTO?

A: Recovery Time Objective (RTO) is our commitment to the amount of time it will take us to get your site back on-line. Depending on the type of site the client has, and whether they’ve purchased a hosting and security upgrade, our RTO is anywhere from 14 days to 4 hours. We have RTO options that will fit the needs of any client. RTO is used in conjunction with RPO (Recovery Point Objective).


Q: What is RPO?

A: Recovery Point Objective (RPO) is the age of the files recovered from the last back-up that will be used to resume normal operation. Depending on the hosting plan and level of security you have, our RPO is anywhere from 24 hours to 4 hours. We have RPO options that will fit the needs of any client.


Q: What is live user detection?

A: When trying to determine legitimate traffic to your site, live user detection or CAPTCHA, differentiates human traffic from machine traffic. It requires the user to type letters or/numbers from a distorted image.


Q: CivicPlus has high performance SAN with N+2 reliability - What does that mean?

A: High Performance SAN = A SAN (Storage Area Network) provides a reliable method to quickly backup and restore your system in the event of an issue. 

N+2 Reliability = The N is for Need and the +2 means you have 2 more than you need. It indicates redundancy in hardware components. 

Bottom Line = We have the redundant hardware in place to assure business continuity.


Q: CivicPlus a Tier II data center - What does that mean?

A: There are four data center tiers—with four being the most robust. CivicPlus uses Tier II data centers, which is more than adequate for our size of business. Tier II provides 99.741% availability and has some redundancy in power and cooling systems.


Q: What is a man trap?

A: Well… it’s not what you think! Part of being a highly secure data center is controlled access. One way to achieve that is via a man-trap. It requires someone to go through two entry points to obtain access to the data center. CivicPlus utilizes a man-trap at our data centers.