Support Portal

Implementation: Qudini Platform Security


The purpose of this page is to provide enterprise IT teams and other key project stakeholders with everything they need to know to assess Qudini's platform, particularly with regards to information security.


Contents of this page: 

  1. About Qudini
  2. Key high-level security information
  3. Table of resource content (includes links to key content you need to assess our platform. eg. System architecture documents, Data Processing agreements, Information Security information and more)



1. About Qudini


Qudini offer a SaaS based platform that enables enterprise organizations with stores and contact centers to improve customer experience, to better manage their operations and to capture data on their business.


Our core solutions include: a virtual queue management system, appointment booking software, event booking software and task management software. 


Our core business functions involve: developing and selling our SaaS solutions, supporting our clients with deployments of our solutions and managing our company operations and compliance needs to ensure that we excel in our work with our clients.


Our solutions capture customer data (name, mobile number and email address) to enable customers booking appointments, events or joining the virtual queue to receive SMS and email reminders about their service request. Employee details are also captured (name, mobile number and email) to provide them with logins to the platform to manage upcoming customer interactions and tasks. 


Qudini act purely as a data processor to the clients using our software and as a SaaS supplier to some of the globe's leading enterprise brands; security, availability and data protection are our top priority. 





2. Key high-level Security Information


At a high level, these are some of the key measures we've put in place across our platform to ensure; maximum security, high availability and prioritisation of data privacy. More information on all of this can be found in the table of resources below.




       2.1. Maximum Security


  • ISO27001 certified.
  • Regular CREST accredited penetration tests (crest is a top tier standard).
  • Role-based password authentication and HQ control of permissions.
  • Solid network design and encryption through use of firewalls for database access.
  • Uses encryption at rest, controls system access to a need-to-know basis and uses a combination of two-factor and key-based authentication.
  • Uses automated performance monitoring, vulnerability scanning and centralised log management and automated alerts to detect and inform our IT team of suspicious activity.
  • All Qudini employees are subject to background checks, while internal policies ensure they always comply with information security and business continuity procedures.



       2.2. High Availability


  • Hosted on Amazon Web Services with multiple server instances deployed around the world to maximise performance and availability by region.
  • Option for hosting on our shared servers or a dedicated virtual private cloud.
  • Hosting on at least three region availability zones ensures continuity if there’s a zone outage.
  • Uses autoscaling to monitor server load and performance to scale to new servers as needed.
  • Uses well known solid programming languages and frameworks including; Java, React and Play Framework.
  • 99.5% uptime that always exceeds 99.97%-100% with real-time tracking (links in resource table)
  • Backs up data to multiple availability zones in region with nightly snapshots.
  • Access on any device, through any browser or using our IOS and android apps.
  • A proactive support and development team who swiftly escalate and resolve any issues to meet our SLAs.



       2.3. Prioritisation of privacy 


  • Serving as a data processor, giving you (as the data controller) complete control over how your data is stored.
  • GDPR compliant through continuous work with our Data Protection Officer and legal advisors.
  • System functionality that enables you to be fully GDPR compliant when accepting and handling customer data.
  • Consultative on how to use our software in compliance with GDPR through your dedicated account manager and our best-practice guides.
  • Ability to customize how long customer personal data is stored (eg. a matter or minutes or days after the customer has completed their appointment/event/queuing experience).
  • Highly flexible platform with pick-and-mix functionality to enable you to tailor how data is captured and used (eg. what data customers are asked to input and which messages send).
  • Ability to delete customer personal data while retaining anonymous derived data for analytics purposes.
  • All our suppliers are vetted against ISO27001 and GDPR standards.





4. Resource Content Table - Platform and InfoSec


A table of resources to enable you to learn more about our platform and focus on information security:


Content (hyperlink)

Purpose

Company Overview content

Companies house profile

A link to our main UK company's profile on the UK government's companies house profile.

Website: platform overview page
A non-technical description of the processes applied across our platform to prioritise availability, security and privacy. Move along the three tabs below the header to read more on each section.
Website: Hosting options page
A page explaining our two hosting options offered to clients for shared hosting or virtual private cloud hosting.
Website: Client listOur corporate website with a list of many of the credible enterprise global brands using our platform.
Testimonial VideoFour enterprise clients share their experience of working with Qudini. Samsung (global electronics retailer), Specsavers (international optical retailer), O2 (international telco retailer) and NatWest (international retail bank).

Main Technical Detail

System Architecture document

A detailed technical description of our system architecture and functionality and processes used to prioritise availability, security and privacy.
Information Security FAQsA spreadsheet/document answering all frequently asked information security questions.
ISO27001 certificate
Our latest ISO27001 certificate
Penetration test certificate
Our latest CREST accredited penetration test certificate.
Information Security Management policy
An internal policy defining how Qudini's Information Security Management System is set-up, managed, measured, reported on and developed. This is one of a set of internal policies and procedures created to the standards of ISO270001.
DPIA 
Our most recent Data Protection Impact Assessment: Guidance for data controllers.
ISMS statement of applicability

Data Storage and Management

Overview of our solutions, data subjects and data storage
A support portal page explaining how our solutions work and how they collect and store the data of different types of data subjects.
Data processing agreement
Our standard data processing terms from our SaaS agreement.
Sub-processors list
A detailed overview of all our platform sub-processors.
Guide to using Qudini in compliance with GDPR / data protection law
A best practice guide on the functionality that we offer to enable our clients to use our platform in compliance with GDPR and other stringent data protection laws.
Company terms and policiesA page with a list of the company terms and policies that we hold.

SLAs

Standard SLA
Our standard SLAs agreed within our main SaaS agreement.
Uptime status monitor
A portal to view the recent and historic updating of our SaaS platform.





Further questions?


We hope you found this page and content library useful, if you have any further questions about the Qudini platform and our Information Security processes please get in touch with your Qudini account manager who will introduce you to our primary IT contact at Qudini.



 


Did you find it helpful? Yes No