Implementation: Qudini Platform Security

The purpose of this page is to provide enterprise IT teams and other key project stakeholders with everything they need to know to assess Qudini's platform, particularly with regard to information security.


Contents of this page: 

  1. About Qudini
  2. Key high-level security information
  3. Table of resource content (includes links to key content you need to assess our platform, e.g. system architecture documents, data processing agreements, information security information and more)


1. About Qudini


Qudini offer a SaaS-based platform that enables enterprise organizations with stores and contact centers to improve customer experience, to better manage their operations and to capture data on their business.


Our core solutions include: a virtual queue management system, appointment booking software, event booking software and task management software. 


Our core business functions involve: developing and selling our SaaS solutions, supporting our clients with deployments of our solutions and managing our company operations and compliance needs to ensure that we excel in our work with our clients.


Our solutions capture customer data (name, mobile number and email address) to enable customers booking appointments, events or joining the virtual queue to receive SMS and email reminders about their service request. Employee details are also captured (name, mobile number and email) to provide them with logins to the platform to manage upcoming customer interactions and tasks. 


Qudini act purely as a data processor to the clients using our software and as a SaaS supplier to some of the globe's leading enterprise brands; security, availability and data protection are our top priority. 


2. Key high-level Security Information


At a high level, these are some of the key measures we've put in place across our platform to ensure maximum security, high availability and prioritisation of data privacy. More information on all of this can be found in the table of resources below.



       2.1. Maximum Security


  • ISO27001 certified.
  • Regular CREST accredited penetration tests (CREST is a top-tier standard).
  • Role-based password authentication and HQ control of permissions.
  • Solid network design, encryption and firewalled access to databases.
  • Uses encryption at rest, controls system access on a need-to-know basis and uses a combination of two-factor and key-based authentication.
  • Uses automated performance monitoring, vulnerability scanning, centralised log management and automated alerts to detect suspicious activity and inform our IT team.
  • All Qudini employees are subject to background checks, while internal policies ensure they always comply with information security and business continuity procedures.



       2.2. High Availability


  • Hosted on Amazon Web Services with multiple server instances deployed around the world to maximise performance and availability by region.
  • Option for hosting on our shared servers or a dedicated virtual private cloud.
  • Hosting across at least three availability zones in a region ensures continuity if there is a zone outage.
  • Uses autoscaling to monitor server load and performance and scale out to new servers as needed.
  • Uses well-known, mature programming languages and frameworks including Java, React and Play Framework.
  • A 99.5% uptime SLA, with measured uptime consistently in the 99.97%-100% range and real-time tracking (links in the resource table).
  • Backs up data to multiple availability zones in the region with nightly snapshots.
  • Access on any device, through any browser or using our iOS and Android apps.
  • A proactive support and development team who swiftly escalate and resolve any issues to meet our SLAs.



       2.3. Prioritisation of privacy 


  • Serving as a data processor, giving you (as the data controller) complete control over how your data is stored.
  • GDPR compliant through continuous work with our Data Protection Officer and legal advisors.
  • System functionality that enables you to be fully GDPR compliant when accepting and handling customer data.
  • Consultative on how to use our software in compliance with GDPR through your dedicated account manager and our best-practice guides.
  • Ability to customize how long customer personal data is stored (e.g. a matter of minutes or days after the customer has completed their appointment/event/queuing experience).
  • Highly flexible platform with pick-and-mix functionality to enable you to tailor how data is captured and used (e.g. what data customers are asked to input and which messages are sent).
  • Ability to delete customer personal data while retaining anonymous derived data for analytics purposes.
  • All our suppliers are vetted against ISO27001 and GDPR standards.



3. Resource Content Table - Platform and InfoSec


A table of resources to enable you to learn more about our platform and focus on information security:


Content (hyperlink) | Purpose

Company Overview content
Companies House profile | A link to our main UK company's profile on the UK government's Companies House register.
Website: platform overview page | A non-technical description of the processes applied across our platform to prioritise availability, security and privacy. Move along the three tabs below the header to read more on each section.
Website: Hosting options page | A page explaining the two hosting options we offer to clients: shared hosting or virtual private cloud hosting.
Website: Client list | Our corporate website with a list of many of the credible global enterprise brands using our platform.
Testimonial video | Four enterprise clients share their experience of working with Qudini: Samsung (global electronics retailer), Specsavers (international optical retailer), O2 (international telco retailer) and NatWest (international retail bank).

Main Technical Detail
System Architecture document | A detailed technical description of our system architecture, functionality and the processes used to prioritise availability, security and privacy.
Information Security FAQs | A spreadsheet/document answering all frequently asked information security questions.
ISO27001 certificate | Our latest ISO27001 certificate.
Penetration test certificate | Our latest CREST accredited penetration test certificate.
Information Security Management policy | An internal policy defining how Qudini's Information Security Management System is set up, managed, measured, reported on and developed. This is one of a set of internal policies and procedures created to the standards of ISO27001.
DPIA | Our most recent Data Protection Impact Assessment: Guidance for data controllers.
ISMS statement of applicability |

Data Storage and Management
Overview of our solutions, data subjects and data storage | A support portal page explaining how our solutions work and how they collect and store the data of different types of data subjects.
Data processing agreement | Our standard data processing terms from our SaaS agreement.
Sub-processors list | A detailed overview of all our platform sub-processors.
Guide to using Qudini in compliance with GDPR / data protection law | A best-practice guide on the functionality we offer to enable our clients to use our platform in compliance with GDPR and other stringent data protection laws.
Company terms and policies | A page listing the company terms and policies that we hold.

SLAs
Standard SLA | Our standard SLAs agreed within our main SaaS agreement.
Uptime status monitor | A portal to view the recent and historic uptime of our SaaS platform.


Further questions?


We hope you found this page and content library useful. If you have any further questions about the Qudini platform and our information security processes, please get in touch with your Qudini account manager, who will introduce you to our primary IT contact at Qudini.


You can also find information about our privacy policies here

