Robust Protections

Our Commitment to Security

We maintain the highest standards of security for all operational processes, ensuring our systems and your trust are well guarded.

Infrastructure Security

Production OS access restricted

QTalo restricts privileged access to the operating system to authorized users with a business need.

Encryption key access restricted

QTalo restricts privileged access to encryption keys to authorized users with a business need.

Remote access encrypted enforced

QTalo's production systems can only be remotely accessed by authorized employees via an approved encrypted connection.

Production database access restricted

QTalo restricts privileged access to databases to authorized users with a business need.

Production network access restricted

QTalo restricts privileged access to the operating system to authorized users with a business need.

Network firewalls utilized

QTalo uses firewalls and configures them to prevent unauthorized access.

Production network access restricted

QTalo restricts privileged access to the production network to authorized users with a business need.

Firewall access restricted

QTalo restricts privileged access to the firewall to authorized users with a business need.

Organizational Security

Anti-malware technology utilized

QTalo deploys anti-malware technology to environments commonly susceptible to malicious attacks and configures this to be updated routinely, logged, and installed on all relevant systems.

Production inventory maintained

QTalo maintains a formal inventory of production system assets.

Product security

Control self-assessments conducted

QTalo performs control self-assessments at least annually to gain assurance that controls are in place and operating effectively. Corrective actions are taken based on relevant findings. If the company has committed to an SLA for a finding, the corrective action is completed within that SLA.

Data encryption utilized

QTalo's datastores housing sensitive customer data are encrypted at rest.

Data transmission encrypted

QTalo uses secure data transmission protocols to encrypt confidential and sensitive data when transmitted over public networks.

Internal security procedures

Board oversight briefings conducted

QTalo's board of directors or a relevant subcommittee is briefed by senior management at least annually on the state of the company's cybersecurity and privacy risk. The board provides feedback and direction to management as needed.

Board meetings conducted

QTalo's board of directors meets at least annually and maintains formal meeting minutes. The board includes directors that are independent of the company.

Whistleblower policy established

QTalo has established a formalized whistleblower policy, and an anonymous communication channel is in place for users to report potential issues or fraud concerns.

Cybersecurity insurance maintained

QTalo maintains cybersecurity insurance to mitigate the financial impact of business disruptions.

Roles and responsibilities specified

Roles and responsibilities for the design, development, implementation, operation, maintenance, and monitoring of information security controls are formally assigned in job descriptions and/or the Roles and Responsibilities policy.

Organization structure documented

QTalo maintains an organizational chart that describes the organizational structure and reporting lines.

SOC 2 - System Description

Complete a description of your system for Section III of the audit report.