How Qtis manages and stores data

Some of the security features that Qtis offers in its core system are as follow:

Two-Factor Authentication
In addition to entering a user’s email address and password, users can also implement a one-time use passcode (OTP) required for a user to login.  This feature, which updates every time a user logs in, adds another level of protection for system users mitigating the compromise of unwanted access.

Password Encryption
Qtis employs salted hashing of passwords, which is the strongest password encryption type currently available.

User Inactivity
By timing sessions for each individual user, Qtis logs inactivity and cues an automatic logoff after remaining inactive for a certain amount of time, allowing for further protection of private data and eliminating data breaches due to oversights. Although this can be customized by the client by default we have it set to 5 minutes of inactivity. When Qtis logs the user off it also registers in the audit trail identifying the reason for logging user off during the log in session.

90 Day Password Rule
Users are required to change their login passwords every 90 days.

Password History
Logging in to Qtis is important and we also considered the fact some may reuse passwords. Therefore Qtis will remember the previous 5 passwords and will not allow users to reuse a password that has been used recently.

Login Blocked after 5 Failed Login Attempts
Qtis will lock an account down if user attempts to login 5 times and the credentials are incorrect. While some use a timeframe of 1 hour increments others may use IP addresses. We won’t share which one we use but know we’ve considered all options and have deployed the most beneficial for our clients.

SSL Certificates
We utilize the latest Secure Socket Layer (SSL) encryption technology available to protect the privacy of our client’s data.

Data at Rest
The data that is stored in file storage is encrypted by using Transparent Data Encryption (TDE).

Data in Transit
The data is encrypted while we access it through private or public network communication channels and use SSL-based connections.

User Permissions
Qtis offers granular user permission settings to minimize the opportunity for error and keep a close eye on who has access to what by department and by case.

Access Logs
Enjoy comprehensive access logs detailing date, time, and user, for every single action performed in Qtis. Device information along with IP address information is collected every time a user logs in to the system.

Hosting Options
We understand that every business is different and has unique needs, which is why we offer the option for your Qtis to utilize either a local server or a cloud server to host your  data.  Keep a physical, on-site local server, or enjoy the industry-leading security standards of AWS cloud hosting.

Full Audit Trail
Access detailed information of all activities inside of Qtis. Whether its data changes or user activity, Qtis will register actions and can be traced back to a user and a device on any given date and time.

Safeguarding Your Software, Before, During and After Deployment
Our dedicated QA engineers understand that with the exponential growth and diversification of sensitive data and complex regulatory landscape, the risk for security breaches and IP theft has only grown. That’s why we provide the most thorough QA and security protocol programming solutions possible.

Software Security Solutions
Our experts provide IT security solutions for network servers, mobile applications, web apps, databases, big data servers, web services and more to protect against potential internal, external and accidental security threats. We perform risk assessments, security audits, data threat analyses, and data mapping and classification services and expert- level encryptions, as well as continuous system monitoring.

Identity and Access Management
We implement enterprise-level Identity and Access Management (IAM) protocols, enabling your IT team to easily handle privileged access and entitlement management, access certification and remediation, role-based provisioning, embedded credential management and more.

Governance, Risk and Compliance
Our risk management solutions are designed for complete compliance with government- sanctioned regulations and industry best practices for data  integrity. We perform thorough internal audits and ensure all data is properly classified, security infrastructure baseline standards are met, and third-party software is similarly compliant.

Application Security Solutions
When building a custom mobile or web application, we introduce robust security protocols into the development lifecycle as early as possible, automating code reviews and tests when we can. In addition to performing enterprise-wide dynamic application security tests (DASC), we check individual apps for ineffective security standards, business logic flaws, injected stealth code (malware, hidden sites, backdoors), poorly structured deployment environments and more.

Security Testing Solutions
Our dedicated QA engineers stage proactive white, gray and black box penetration tests throughout the development lifecycle to detect configuration errors, software bugs and backdoors that can be exploited by hackers. We enact system-wide backup and disaster recovery solutions before pen testing to ensure the integrity of the entire IT infrastructure while performing these simulations.

Encrypted Configuration
Sensitive data is encryption in config file to protect SQL Connections, passwords, User IDs and services.

Obfuscated Executables
Code binaries are obfuscated to protect from reverse engineering the code. This protects hashing and encryption keys along with code logic.