Security – A Priority at Quixy
As a leading Business Process Management (BPM) and Application Platform-as-a-Service (aPaaS) provider, Quixy enables businesses to design, develop, deploy, and manage enterprise-grade applications. Security is the highest priority with a strict no-compromise policy being adhered to at each and every step. Starting with the choice of cloud infrastructure that hosts the platform, the platform per se, and the ready-to-use applications designed on the platform – all of these three crucial aspects necessarily meet the highest security standards.
At Quixy we make security a priority at every step right from code development to incident response through the three aspects as mentioned. Starting with detailed planning, sound architecture, and efficient operations, we put everything into providing a stable, innovative, and secure platform.
Security Operations
We have adopted a set of ISO / IEC 27001:2013 Information Security System controls that govern the complete product life cycles – software development, delivery, support, and other related operations.
To ensure the security, credibility, and availability of the Quixy Platform and customer data, combinations of preventive, protective, and reactive controls are in place.
These controls include:
- Stringent restrictions on access to sensitive data, including multifactor authentication or certificate-based authentication for sensitive operations.
- Thorough background checks of staff who are part of customer data operations.
- Various levels of tracking, logging and reporting rates, including self-service tools are built into the Quixy Platform
- A 24/7 incident security service working to minimize the consequences of attacks and malicious activity
- A life cycle of software development that integrates security specifications into systems and applications across the phases of planning, design, implementation, and delivery.
Maximum Privacy
At Quixy, data privacy is everything. We understand that customers rely on us to ensure that the privacy of their information will be protected and that their data will be used in a way that is consistent with their expectations.
Our clients determine which data they submit as customer data to the Quixy Platform. Concerning such data, Quixy acts as a data processor and addresses the following privacy commitments:
Restricted Access
One of the stringent security measures we follow is that access to customer data by Quixy personnel is restricted. The data can only be accessed when necessary to facilitate the use of the Quixy application by the customer after specific authorization has been provided. In addition, stringent authentication, including the use of multifactor verification, only serves to limit access to approved staff. Personnel access is withdrawn as soon as it is no longer required.
Notification of lawful requests
When stored within the Quixy Cloud, our customers should monitor their data. Under no circumstance do we disclose customer data to law enforcement authorities unless as directed by a customer or where required by law. When governments make a lawful demand from Quixy for consumer data, we aspire to be driven by standards, restrained in what we report and adhere to transparency.
Aligned to compliances
Compliance plays a crucial role in our customers’ interest and performance. We are committed to complying with the laws and regulations which apply to us as we take our business forward worldwide. In addition, we use universal standards to meet our client’s expectations as an organization or in a collaborative effort.
Coveted certifications
Quixy is ISO/ IEC 27001:2013 certified. This certification defines the criteria for the development, implementation, maintenance and continuous improvement of an information security management system and also provides specifications for the evaluation and treatment of information security risk relevant to our needs and that of our customers.
Quixy is also SOC 2 Type 2 compliant. SOC 2 Type 2 audit is conducted in compliance with the attestation standards set by the American Institute of Certified Public Accountants (AICPA). The audit verifies not just the suitability of the design, but also the operating effectiveness of the data security and privacy controls over an extended period of time.
Our certifications and complaince reports are available for our customers upon request under NDA. Please send an email with your request to [email protected] or ask your Quixy Account Executive for a copy of the certificate.
FAQ
What is ISO 27001?
First published in September 2013, ISO 27001 is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization’s information risk management processes.
Why is there a need for ISO 27001?
According to its documentation, ISO 27001 was developed to “provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system. ” Quixy considers security not to be optional, so therefore we aligned our vision on security along the three pillars of information security, better known as CIA, standing for Confidentiality, Integrity & Availability.
What is a SOC report?
A SOC report is a verifiable auditing report which is performed by a Certified Public Accountant (CPA) designated by the American Institute of Certified Public Accountants (AICPA). It is a collection of offered services of a CPA concerning the systematic controls in a service organization.
What are different types of SOC reports?
There are three types: SOC 1, 2 and 3.
SOC 1 report is mainly concerned with examining controls over financial reporting. SOC 2 and SOC 3 reports focus more on the pre-defined, standardized benchmarks for controls related to security, processing integrity, confidentiality, or privacy of the data. SOC 2 is a restricted use report while SOC 3 is a general use report.
What are different types of SOC 2 reports?
There are two types: Type 1 and Type 2.
Type 1: A point in time audit, during which auditors evaluate and report on the design of controls a company puts into place as of a point in time.
Type 2: This type is more stringent compared to Type 1 and verifies the effectiveness of the security controls over an extended period of time. Auditors usually recommend a 4-6 months period for the first audit, and a 6-12 months period for consequent audits. It is important to note that there are no requirements or standards for the audit duration other than a 3 months minimum period.
- Download the App
Read Our Reviews
