How Qtis manages and stores data

Some of the security features that Qtis offers in its core system are as follows:

User Credentials
Qtis users are required to sign up with a valid email address and must also create a 12-character complex password in order to access our system.

User Password Encryption
Qtis employs salted hashing of passwords, which is the strongest password encryption type currently available. All user passwords are stored in an encrypted format. We have no access to users’ passwords. Qtis users will be asked to reset their passwords when they are lost or forgotten.

User Inactivity
Qtis logs inactivity and triggers an automatic logoff after a user has remained inactive for a certain amount of time, allowing for further protection of private data and eliminating data breaches due to oversights. Although this can be customized by the client, by default a standard timeout period is implemented on all user accounts. When Qtis logs the user off, it also records the event in the audit trail, identifying the reason the user was logged off during the login session.

Two-Factor Authentication
In addition to entering an email address and password, users can also enable a one-time passcode (OTP) that is required to log in. This passcode, which updates every time a user logs in, adds another level of protection for system users, mitigating the risk of unwanted access.

90 Day Password Reset
Users are required to change their login passwords every 90 days.

90 Day Account Inactivity
Accounts that have been inactive for 90 days are disabled for security reasons.

Password History
Because some users may reuse passwords, Qtis remembers the previous 5 passwords and does not allow them to be reused.
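The sketch below is an added example, not Qtis code: it shows how a password-history rule can coexist with salted hashing, where each stored entry has its own salt and a candidate must be re-hashed once per entry. The use of scrypt, the four-character-class meaning of "complex", and a history that includes the current password are assumptions; only the 12-character minimum and the depth of 5 come from the page.

```python
import hashlib
import hmac
import os
from collections import deque

MIN_LENGTH = 12     # page: 12-character complex password
HISTORY_DEPTH = 5   # page: the previous 5 passwords cannot be reused


def is_complex(password):
    """Assumed meaning of 'complex': minimum length plus four character classes."""
    return (len(password) >= MIN_LENGTH
            and any(c.islower() for c in password)
            and any(c.isupper() for c in password)
            and any(c.isdigit() for c in password)
            and any(not c.isalnum() for c in password))


def hash_password(password, salt=None):
    """Return (salt, digest). scrypt is an assumed choice of salted hash."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)
    return salt, digest


class Account:
    def __init__(self):
        # Assumption: the history holds the five most recent passwords,
        # current one included; the oldest entry drops off automatically.
        self.history = deque(maxlen=HISTORY_DEPTH)

    def _seen(self, password):
        # Each stored entry has its own salt, so the candidate must be
        # re-hashed once per entry; digests cannot be compared directly.
        return any(hmac.compare_digest(hash_password(password, salt)[1], digest)
                   for salt, digest in self.history)

    def set_password(self, password):
        if not is_complex(password):
            return "rejected: complexity"
        if self._seen(password):
            return "rejected: reused"
        self.history.append(hash_password(password))
        return "ok"

    def verify(self, password):
        if not self.history:
            return False
        salt, digest = self.history[-1]
        return hmac.compare_digest(hash_password(password, salt)[1], digest)
```

Only salts and digests are kept, so the history check never needs the plaintext of an earlier password.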

Account Disabled after 5 Failed Login Attempts
Qtis will lock an account if a user attempts to log in 5 times with incorrect credentials. This feature is designed to prevent unauthorized access through brute-force attacks.

SSL Certificates
We utilize the latest Secure Socket Layer (SSL) encryption technology available to protect the privacy of our clients’ data and all files shared with others who may not have Qtis credentials.

TLS Encryption
Transport Layer Security (TLS) is the cryptographic protocol we use in our product. It is designed to provide communications security over computer networks. This protocol is widely used in applications like email, instant messaging, and voice over IP, but to date its use in securing HTTPS remains the most publicly visible, and Qtis is no exception.

Data at Rest
The data that is stored in file storage is encrypted by using Transparent Data Encryption (TDE).

Secure File Storage
Files uploaded into Qtis are stored securely in the cloud.

Data in Transit
Data is encrypted while it is accessed over private or public network communication channels, using SSL-based connections.

User Permissions
Qtis offers granular, role-based user permission settings to minimize the opportunity for error and keep a close eye on who has access to what by department and by case. NOTE: This does not apply to those using our Client Portal version, which allows Qtis users to share files/records with others who are outside their organization and do not have Qtis credentials.

IP Restriction Parameters
Admin users can restrict system user access by IP address. If you are not logging in from an authorized IP address, your access to Qtis will not be granted.

Access Logs
Enjoy comprehensive access logs detailing date, time, and user, for every single action performed in Qtis. Device information along with IP address information is collected every time a user logs in to the system.

Hosting Options
We understand that every business is different and has unique needs, which is why we offer the option for your Qtis to utilize either a local server or a cloud server to host your data. Our clients have the option to keep a physical, on-site local server, or enjoy the industry-leading security standards of AWS cloud hosting along with other highly qualified cloud services.

Full Audit Trail
Access detailed information on all activities within Qtis. Whether it's data changes or user activity, Qtis registers actions, which can be traced back to a user and a device on any given date and time.

Safeguarding Your Software, Before, During and After Deployment
Our dedicated QA engineers understand that with the exponential growth and diversification of sensitive data and a complex regulatory landscape, the risk of security breaches and IP theft has only grown. That’s why we provide the most thorough QA and security protocol solutions possible.

Software Security Solutions
Our experts provide IT security solutions for network servers, mobile applications, web apps, databases, big data servers, web services and more to protect against potential internal, external and accidental security threats. We perform risk assessments, security audits, data threat analyses, data mapping and classification services, and expert-level encryption, as well as continuous system monitoring.

Identity and Access Management
We implement enterprise-level Identity and Access Management (IAM) protocols, enabling your IT team to easily handle privileged access and entitlement management, access certification and remediation, role-based provisioning, embedded credential management and more.

Governance, Risk and Compliance
Our risk management solutions are designed for complete compliance with government-sanctioned regulations and industry best practices for data integrity. We perform thorough internal audits and ensure all data is properly classified, security infrastructure baseline standards are met, and third-party software is similarly compliant.

Application Security Solutions
When building a custom mobile or web application, we introduce robust security protocols into the development lifecycle as early as possible, automating code reviews and tests when we can. In addition to performing enterprise-wide dynamic application security tests (DAST), we check individual apps for ineffective security standards, business logic flaws, injected stealth code (malware, hidden sites, backdoors), poorly structured deployment environments and more.

Security Testing Solutions
Our dedicated QA engineers stage proactive white, gray and black box penetration tests throughout the development lifecycle to detect configuration errors, software bugs and backdoors that can be exploited by hackers. We enact system-wide backup and disaster recovery solutions before pen testing to ensure the integrity of the entire IT infrastructure while performing these simulations.

Encrypted Configuration
Sensitive data in config files is encrypted to protect SQL connections, passwords, user emails, IDs and services.

SOC 2 Type II Certification
Zinatt Technologies Inc is proud to announce we will be receiving our SOC 2 Type II Certification in early 2023.

A SOC 2 Type II report is an internal controls report capturing how a company safeguards customer data and how well those controls are operating. Companies that use cloud service providers use SOC 2 reports to assess and address the risks associated with third party technology services.

**Request Certifications & Compliance Reports with ciso@qtis.us**