Qualio Security Practices
Each organization using Qualio expects their data to be secure, confidential, and private. We understand how important this is to our customers and work to the best of our abilities to ensure all three expectations are met. Please review the information below regarding our current policies and practices, along with our Privacy Policy and Terms of Service. This is a living document and we will update it as our service evolves and industry practices change.
Experienced Team
Even before Qualio, we've been putting services on the internet for a long time. We're good at it. Our engineering team are experienced and keep their skills up to date as industry best practices evolve. We've coded, tested and administered services running on servers in data centers around the world and we bring the collective wisdom that comes with decades of secure practice to the operation of the Qualio service.
Availability
We understand that you rely on Qualio to work. We're committed to making Qualio a highly-available, ultra-reliable service that you can always count on. We build systems that tolerate the failure of servers, keep multiple copies of your data online for redundancy, practice disaster-recovery measures often, and always have staff on-call to quickly resolve unexpected incidents. To date, we've maintained 99.999% uptime and this will continue into the future.
Data Encryption
Content uploaded to Qualio is encrypted in transit using 128-bit SSL encryption. Qualio uses 256-bit AES at rest, and is further protected by an encryption key-wrapping strategy that also utilizes 256-bit AES encryption. We monitor the security community's output closely and work promptly to upgrade the service to respond to new vulnerabilities as they are discovered.
Secure Physical Location
Our servers are located in Amazon's AWS data centers. They've devoted an entire portion of their site to explaining their security measures, which you can find here:
Data redundancy
The entire system is backed up every night, and these encrypted backups are stored in a secure location with a 35 day retention period. These system backups are encrypted at all times.
Confidentiality
We regard the information you store in Qualio as private and confidential to your organization. We place strict controls over our employees' access to internal data and are committed to ensuring that your data is never seen by anyone who should not see it.
While the operation of the Qualio service would not be possible unless there were some technical employees with sufficient system permissions to enable them to access and control software that stores and indexes the content you add to your Qualio account, this team is kept purposefully small and are prohibited from using these permissions to view customer data unless it is necessary to do so.
All of our employees and contractors are bound to our policies regarding customer data and we treat these issues as matters of the highest importance within our company.
There are limited circumstances when we ever share customer content without first obtaining permission. These are outlined in our Privacy Policy.
Data export options
If you choose to stop using Qualio you may export your content (Documents, Training, Events, Audit Trail and Suppliers) using the available Export features.
System Timeouts
Qualio utilizes system timeouts to ensure that your data is protected.
The user will be logged out of Qualio automatically after 30 minutes of inactivity (while not in an editing mode of a document or event)
System timeouts apply to all activities that are not actively using the autosave functionality
System timeouts apply to all Qualio documents (for example, if a smartlink is clicked and another window is opened)
This 30 minute timeout is not adjustable by the end user and cannot be deactivated. The timeout rules only apply to the Qualio application and do not apply any external programs or websites.