Our Commitment to Security

QTalo restricts privileged access to the operating system to authorized users with a business need.

QTalo restricts privileged access to encryption keys to authorized users with a business need.

QTalo's production systems can only be remotely accessed by authorized employees via an approved encrypted connection.

QTalo restricts privileged access to databases to authorized users with a business need.

QTalo restricts privileged access to the operating system to authorized users with a business need.

QTalo uses firewalls and configures them to prevent unauthorized access.

QTalo restricts privileged access to the production network to authorized users with a business need.

QTalo restricts privileged access to the firewall to authorized users with a business need.

QTalo deploys anti-malware technology to environments commonly susceptible to malicious attacks and configures this to be updated routinely, logged, and installed on all relevant systems.

QTalo maintains a formal inventory of production system assets.

QTalo performs control self-assessments at least annually to gain assurance that controls are in place and operating effectively. Corrective actions are taken based on relevant findings. If the company has committed to an SLA for a finding, the corrective action is completed within that SLA.

QTalo's datastores housing sensitive customer data are encrypted at rest.

QTalo uses secure data transmission protocols to encrypt confidential and sensitive data when transmitted over public networks.

QTalo's board of directors or a relevant subcommittee is briefed by senior management at least annually on the state of the company's cybersecurity and privacy risk. The board provides feedback and direction to management as needed.

QTalo's board of directors meets at least annually and maintains formal meeting minutes. The board includes directors that are independent of the company.

QTalo has established a formalized whistleblower policy, and an anonymous communication channel is in place for users to report potential issues or fraud concerns.

QTalo maintains cybersecurity insurance to mitigate the financial impact of business disruptions.

Roles and responsibilities for the design, development, implementation, operation, maintenance, and monitoring of information security controls are formally assigned in job descriptions and/or the Roles and Responsibilities policy.

QTalo maintains an organizational chart that describes the organizational structure and reporting lines.

Complete a description of your system for Section III of the audit report.