Security

Our Commitment to Security

Qvidian strives to provide a secure, high-performing, and reliable service to our customers. Security is an integral part of all processes throughout the company. In an ever-changing landscape of new threats and attack types, Qvidian continually adapts our security posture to protect customer data.

  • Data and Infrastructure Security

    Security is the responsibility of every Qvidian employee. This is demonstrated throughout the company from secure hiring and onboarding processes, employee security awareness training, secure development practices, and a hardened infrastructure. All systems are regularly tested to ensure a high standard of protection, and protected by edge and web application firewalls. Data is encrypted at rest and in transit, with TLS and AES 256 encryption.

  • Regulatory and Compliance Standards

    Qvidian and all our datacenter providers are SOC 2 compliant or ISO 27001 certified. U.S. and European datacenters are segregated to ensure data isolation. Disaster recovery sites are segregated and geographically appropriate. Qvidian is certified for U.S.-E.U. Privacy Shield, and monitors for the latest security trends and bulletins.

  • Secure Procedures

    Qvidian follows rigorous hiring, change management, risk assessment, incident response, and disaster recovery plans. Each year, we invest in reinforcing infrastructure. Access to our various environments is provided only to those who explicitly require access. Systems are tested regularly throughout the year. Infrastructure follows a secure and fault-tolerant system design.

  • Centralized Control over Information

    Customer administrators can manage access and control of the Qvidian platform, specific features, and the organization’s content at either the organization, group, or user level. Administrators can determine feature permissions and content access through robust group-based permissions. Administrators have the flexibility to define groups based on their specific requirements and set appropriate content and feature access to meet a wide range of regulatory and compliance needs. Systems can be further protected by our IP whitelisting features or optional SAML-compliant single-sign on.