Security Statement


SOC 2 Type I Compliance

Q Research Software (as a division of Displayr) has achieved SOC 2 Type I compliance in accordance with the American Institute of Certified Public Accountants (AICPA) standards for SOC for Service Organizations, also known as SSAE 18. Displayr was assessed according to AICPA's Trust Service Criteria for Security, Confidentiality and Availability. Achieving this standard with an unqualified opinion serves as third-party industry validation that Displayr provides enterprise-level security for customers' data.

User Security

  1. Q Online Training requires users to have a unique user name and password that must be entered when a user first logs on. The user may opt to have their identity remembered by ticking a box during logon.
  2. Passwords are stored using one-way encryption.
  3. "Cookies" are used to store information about users inside each user's web browser. The cookies do not include either the username or password of the user.
  4. Transport Layer Security (TLS) technology protects user information and uploaded data. This uses both server authentication and data encryption, ensuring that user data is safe, secure, and available only to authorized persons.
  5. Passwords and credit card information are always sent over secure 128-bit encrypted SSL connections.
  6. Our procedures for managing payments and account information are PCI-DSS compliant.
  7. Credit card information is not processed, stored or transmitted on our servers. It is handled directly by third-party payment processors who are PCI-DSS compliant.

Physical, Network and Storage Security

Your Customer Page runs in data centers managed and operated by Microsoft. These geographically dispersed data centers comply with key industry standards, such as ISO/IEC 27001:2013, for security and reliability. More information is available from Microsoft.

Software

Server-side code is written in C#, running on Windows Server and Microsoft SQL Azure.

The latest patches are automatically applied to all our operating system and application files.

Employee Policies

  • All new employees are made aware of our security policies and their relevant responsibilities.
  • All employees leaving the company have their access rights immediately revoked in our systems.

R Server

See Security and R.

What We Do If There is a Security Breach

  • Attempt to notify affected users electronically in a timely manner.
  • Review our policies and procedures to mitigate the risk and limit the effect of a similar breach in future.

Last Modified: 8 May 2020