The purpose of this page is to provide enterprise IT teams and other key project stakeholders with everything they need to know to assess Qudini's platform, particularly with regard to information security.
Contents of this page:
- About Qudini
- Key high-level security information
- Table of resource content (includes links to the key content you need to assess our platform, e.g. system architecture documents, Data Processing agreements, Information Security information and more)
1. About Qudini
Qudini offer a SaaS-based platform that enables enterprise organizations with stores and contact centers to improve customer experience, to better manage their operations and to capture data on their business.
Our core solutions include: a virtual queue management system, appointment booking software, event booking software and task management software.
Our core business functions involve: developing and selling our SaaS solutions, supporting our clients with deployments of our solutions and managing our company operations and compliance needs to ensure that we excel in our work with our clients.
Our solutions capture customer data (name, mobile number and email address) to enable customers booking appointments, events or joining the virtual queue to receive SMS and email reminders about their service request. Employee details are also captured (name, mobile number and email) to provide them with logins to the platform to manage upcoming customer interactions and tasks.
Qudini act purely as a data processor to the clients using our software. As a SaaS supplier to some of the globe's leading enterprise brands, we treat security, availability and data protection as our top priority.
2. Key high-level Security Information
At a high level, these are some of the key measures we've put in place across our platform to ensure maximum security, high availability and prioritisation of data privacy. More information on all of this can be found in the table of resources below.
2.1. Maximum Security
- ISO27001 certified.
- Regular CREST-accredited penetration tests (CREST is a top-tier standard).
- Role-based password authentication and HQ control of permissions.
- Solid network design and encryption through use of firewalls for database access.
- Uses encryption at rest, restricts system access on a need-to-know basis and uses a combination of two-factor and key-based authentication.
- Uses automated performance monitoring, vulnerability scanning, centralised log management and automated alerts to detect and inform our IT team of suspicious activity.
- All Qudini employees are subject to background checks, while internal policies ensure they always comply with information security and business continuity procedures.
2.2. High Availability
- Hosted on Amazon Web Services with multiple server instances deployed around the world to maximise performance and availability by region.
- Option for hosting on our shared servers or a dedicated virtual private cloud.
- Hosting on at least three region availability zones ensures continuity if there’s a zone outage.
- Uses autoscaling to monitor server load and performance to scale to new servers as needed.
- Uses well-known, solid programming languages and frameworks including Java, React and Play Framework.
- 99.5% uptime that always exceeds 99.97%-100% with real-time tracking (links in resource table)
- Backs up data to multiple availability zones in region with nightly snapshots.
- Access on any device, through any browser or using our iOS and Android apps.
- A proactive support and development team who swiftly escalate and resolve any issues to meet our SLAs.
2.3. Prioritisation of privacy
- Serving as a data processor, giving you (as the data controller) complete control over how your data is stored.
- GDPR compliant through continuous work with our Data Protection Officer and legal advisors.
- System functionality that enables you to be fully GDPR compliant when accepting and handling customer data.
- Consultative on how to use our software in compliance with GDPR through your dedicated account manager and our best-practice guides.
- Ability to customize how long customer personal data is stored (e.g. a matter of minutes or days after the customer has completed their appointment/event/queuing experience).
- Highly flexible platform with pick-and-mix functionality to enable you to tailor how data is captured and used (e.g. what data customers are asked to input and which messages are sent).
- Ability to delete customer personal data while retaining anonymous derived data for analytics purposes.
- All our suppliers are vetted against ISO27001 and GDPR standards.
4. Resource Content Table - Platform and InfoSec
A table of resources to enable you to learn more about our platform and focus on information security:
We hope you found this page and content library useful. If you have any further questions about the Qudini platform and our Information Security processes, please get in touch with your Qudini account manager, who will introduce you to our primary IT contact at Qudini.