Trust Center

Security and Privacy Controls for your Apps and Data

Quixy Trust Center

Security – A Priority at Quixy

As a leading Business Process Management (BPM) and Application Platform-as-a-Service (aPaaS) provider, Quixy enables businesses to design, develop, deploy, and manage enterprise-grade applications. Security is the highest priority with a strict no-compromise policy being adhered to at each and every step. Starting with the choice of cloud infrastructure that hosts the platform, the platform per se, and the ready-to-use applications designed on the platform – all of these three crucial aspects necessarily meet the highest security standards.

At Quixy we make security a priority at every step right from code development to incident response through the three aspects as mentioned. Starting with detailed planning, sound architecture, and efficient operations, we put everything into providing a stable, innovative, and secure platform.

Security Operations

We have adopted a set of ISO / IEC 27001:2013 Information Security System controls that govern the complete product life cycles – software development, delivery, support, and other related operations.

To ensure the security, credibility, and availability of the Quixy Platform and customer data, combinations of preventive, protective, and reactive controls are in place.

These controls include:

Security Operations

Maximum Privacy

At Quixy, data privacy is everything. We understand that customers rely on us to ensure that the privacy of their information will be protected and that their data will be used in a way that is consistent with their expectations.

Our clients determine which data they submit as customer data to the Quixy Platform. Concerning such data, Quixy acts as a data processor and addresses the following privacy commitments:

Restricted Access

One of the stringent security measures we follow is that access to customer data by Quixy personnel is restricted. The data can only be accessed when necessary to facilitate the use of the Quixy application by the customer after specific authorization has been provided. In addition, stringent authentication, including the use of multifactor verification, only serves to limit access to approved staff. Personnel access is withdrawn as soon as it is no longer required.

Notification of lawful requests

When stored within the Quixy Cloud, our customers should monitor their data. Under no circumstance do we disclose customer data to law enforcement authorities unless as directed by a customer or where required by law. When governments make a lawful demand from Quixy for consumer data, we aspire to be driven by standards, restrained in what we report and adhere to transparency.

Aligned to compliances

Compliance plays a crucial role in our customers’ interest and performance. We are committed to complying with the laws and regulations which apply to us as we take our business forward worldwide. In addition, we use universal standards to meet our client’s expectations as an organization or in a collaborative effort.

Coveted certifications

Quixy is ISO/ IEC 27001:2013 certified. This certification defines the criteria for the development, implementation, maintenance and continuous improvement of an information security management system and also provides specifications for the evaluation and treatment of information security risk relevant to our needs and that of our customers.

Quixy is also SOC 2 Type 2 compliant. SOC 2 Type 2 audit is conducted in compliance with the attestation standards set by the American Institute of Certified Public Accountants (AICPA).  The audit verifies not just the suitability of the design, but also the operating effectiveness of the data security and privacy controls over an extended period of time.

Our certifications and complaince reports are available for our customers upon request under NDA. Please send an email with your request to [email protected] or ask your Quixy Account Executive for a copy of the certificate.

Quixy Security


First published in September 2013, ISO 27001 is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization’s information risk management processes.

According to its documentation, ISO 27001 was developed to “provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system. ” Quixy considers security not to be optional, so therefore we aligned our vision on security along the three pillars of information security, better known as CIA, standing for Confidentiality, Integrity & Availability.

A SOC report is a verifiable auditing report which is performed by a Certified Public Accountant (CPA) designated by the American Institute of Certified Public Accountants (AICPA). It is a collection of offered services of a CPA concerning the systematic controls in a service organization.

There are three types: SOC 1, 2 and 3.

SOC 1 report is mainly concerned with examining controls over financial reporting. SOC 2 and SOC 3 reports focus more on the pre-defined, standardized benchmarks for controls related to security, processing integrity, confidentiality, or privacy of the data. SOC 2 is a restricted use report while SOC 3 is a general use report.

There are two types: Type 1 and Type 2.


Type 1: A point in time audit, during which auditors evaluate and report on the design of controls a company puts into place as of a point in time. 


Type 2: This type is more stringent compared to Type 1 and verifies the effectiveness of the security controls over an extended period of time. Auditors usually recommend a 4-6 months period for the first audit, and a 6-12 months period for consequent audits. It is important to note that there are no requirements or standards for the audit duration other than a 3 months minimum period.