Security Statement

From Q
Jump to: navigation, search

Contents

User Security

  1. Web-Q requires users to have a unique user name and password that must be entered when a user first logs on. The user's identity will be remembered, but will be discarded after 14 days without using web-Q. Customers may configure web-Q to change this period and to require that the user name and password be reentered for every session.
  2. Q Online Training requires users to have a unique user name and password that must be entered when a user first logs on. The user may opt to have his identity remembered by ticking a box during logon.
  3. Passwords are stored using one-way encryption.
  4. "Cookies" are used to store information about users inside each user's web browser. The cookies do not include either the username or password of the user.
  5. Secure Sockets Layer (SSL) technology protects user information and uploaded data. This uses both server authentication and data encryption, ensuring that user data is safe, secure, and available only to authorized persons.
  6. Passwords and credit card information are always sent over secure 128-bit encrypted SSL connections.
  7. Our procedures for managing payments and account information are PCI-DSS compliant.
  8. Credit card information is not processed, stored or transmitted on our servers. It is handled directly by third-party payment processors who are PCI-DSS compliant.

Physical, Network and Storage Security

Web-Q and your Customer Page runs in data centers managed and operated by Microsoft Global Foundation Services (GFS). These geographically dispersed data centers comply with key industry standards, such as ISO/IEC 27001:2005, for security and reliability. More information is available from Microsoft.

Software

Code is written in C#, running on Windows Server and Microsoft SQL Azure. The latest patches are automatically applied to all our operating system and application files.

What We Do If There is a Security Breach

Attempt to notify users electronically. Review our policies and procedures.

Last Modified: 30 April 2015

Personal tools
Namespaces

Variants
Actions
Navigation
Categories
Toolbox