Security and privacy at Quanscient

Security is at the core of our products. Helping our customers keep their data safe is our top priority.

Security is at the heart of what we do: helping our customers improve their security and compliance posture starts with our own.

Quanscient’s Product Security Team establishes policies and controls, monitors compliance with those controls, and proves our security and compliance to third-party auditors.

Access Governance

Access should be limited to only those with a legitimate business need and granted based on the principle of least privilege.

Defense Layers

Security controls should be implemented and layered according to the principle of defense-in-depth.

Consistent Security

Security controls should be applied consistently across all areas of the enterprise.

Iterative Control

Security is a continuous process. We review our policies and controls periodically (at least annually), including access to resources. Our employees receive annual security training.

Security and Compliance at Quanscient

Quanscient passed its SOC 2 Type I audit in December 2023. We are now in the process of attaining, and then maintaining, the SOC 2 Type II certificate. Furthermore, we will expand our compliance to ISO 27001 certification during 2024.

Data Security

How we keep your data safe.

Data at rest

All customer data, as well as object storage, temporary storage and databases, is encrypted at rest.

Data in transit

We use TLS 1.2 or higher everywhere data is transmitted over potentially insecure networks. We renew our SSL certificates regularly and we restrict the allowed ciphers to well-known secure ciphers only.

Secret management

All our encryption keys are managed via a Key Management System (KMS). Using KMS prevents direct access to the keys by any individuals, including employees of Quanscient. The keys are used for encryption and decryption via KMS APIs only.

Application secrets are stored encrypted and access to these values is limited to only the services that absolutely need them.

Product security

How we ensure our product security.

Penetration testing

We perform penetration testing internally for our production systems, including black-box, gray-box and white-box types of testing. We also order external penetration testing periodically.

All areas of our product and cloud infrastructure are in-scope for these assessments.

Vulnerability scanning

We employ vulnerability scanning at multiple stages of our Secure Development Lifecycle (SDLC):

  • Static analysis (SAST) at build time.

  • Software composition analysis (SCA) to identify known vulnerabilities in our software supply chain.

  • Network vulnerability scanning on a periodic basis.

Enterprise security

Endpoint protection

All of our devices are equipped with anti-malware protection, disk encryption, automatic screen locking and automatic software updates, and we use password managers to prevent access from leaking.

Secure remote access

As a cloud-first company, all the data we handle is securely stored and backed up by our carefully selected, world-class vendors, who are committed to security. All connections to the services we use are encrypted using standard techniques.

Security education

We require our employees to complete annual security training. In addition, we have established a Product Security Team that has representatives from all of our teams. In their regular meetings, the latest security information is shared and passed on to the teams by these representatives. We also follow security incidents and notify our employees on our internal communication channels about new threats or required measures.

Identity and access management

We use security compliance management software to monitor access rights and identities in the services we use. These are reviewed at least annually, and any access to services must be requested via an internal system and reviewed by the system owners before it is granted.

Vendor security

We have defined a policy for evaluating risks for any new service vendors we might use. We check them for compliance, thoroughly assess the risk, and define the scope of usage of the services.

Data privacy

We care about your data.

Regulatory compliance

We comply with GDPR requirements and other relevant regional regulations where we do business.

Privacy Policy

View Quanscient’s Privacy Policy.

Looking to report a security concern?

Contact us via the form to the right.