Articles

Do you require access to your customer's network or systems?

No. QR Planet offers an online SaaS (Software as a Service) QR solution. No access to any customer networks or systems is necessary for delivery of our services.

Last update 2 days ago

Are outside development resources utilized?

Last update 1 week ago

Do you use applications to handle Scoped Data?

Yes. QR Planet uses applications to transmit, process and store Scoped Data. This happens in accordance with common best practices and all internal policies..

Last update 1 week ago

Do you use Web Servers for handling Scoped Data?

Yes. QR Planet uses Web Servers to transmit, process and store Scoped Data if necessary for rendering our services.

Last update 2 weeks ago

Do you employ a logical or physical segregation between network components?

Yes. Segregation between web, application and database components is an integral part of our environment's setup.

Last update 2 weeks ago

QR Planet's Change Management Policy

Our Change Management Policy has been developed, documented and approved by management and appropriate consultants. It has been communicated to employees.

Last update 1 week ago

Do you use open source software or libraries to handle sensitive data of any kind?

No. QR Planet doesn't transmit, process or store sensitive data with open source software or within open source libraries.

Last update 2 weeks ago

Are QR Planet's web applications configured to follow best practices?

QR Planet's web applications are configured to adhere to current best practices like the security guidelines by the OWASP.

Last update 2 weeks ago

Do you disallow preconfigured accounts for normal operations and monitor for their usage?

All preconfigured accounts are either deactivated or reconfigured (e.g. password change according to our Password Policy) for safe use within our environments.

Last update 2 weeks ago

Do you perform application development?

Yes. QR Planet offers Saas (Software as a Service). Applications are developed in accordance with our formal Software Development Life Cycle (SDLC) Policy.

Last update 4 weeks ago

Do you validate data input into applications developed by QR Planet?

Yes. In accordance with any of QR Planet's applicable internal Policies and relevant requirements, data input into applications developed is always validated.

Last update 2 weeks ago

Has your SDLC Policy been approved by management and communicated to appropriate Constituents?

The Policy has been approved by management but as a small company, communication of our SDLC towards employees or consultants happens during the onboarding phase.

Last update 4 weeks ago

Do you perform reviews concerning compliance with web server software security standards?

Yes.Management and appropriate consultants regularly review and validate compliance of all web servers and other devices concerning software security standards.

Last update 1 month ago

Do you prohibit the use of web server software versions that are no longer supported or updated by its publisher?

Yes. Software versions that are no longer actively supported by the software publisher and for which no more security patches are released, are prohibited.

Last update 1 month ago

Are available high-risk web server software security patches applied regularly?

Yes. All web server and other software high-risk security patches are applied and verified at least monthly, or when available.

Last update 1 month ago

Are sample applications and scripts removed from web servers?

Yes. In accordance with any of QR Planet's relevant internal Policies, all sample applications and scripts are removed from web servers when put into service.

Last update 1 month ago

Is HTTPS enabled for all of QR Planet's web pages?

Yes. In accordance with any of QR Planet's relevant internal Policies and current security standards, all of QR Planet's web pages are fully relyant on HTTPS.

Last update 1 month ago

Does your SDLC include communicating vulnerabilities to a Security Monitoring and Response Group?

As a small LLC, communication of vulnerabilities to all relevant employees, partners or consultants is part of daily business and happens continuously.

Last update 1 month ago

Does QR Planet solve identified security vulnerabilities prior to promotion to production?

If applicable, all identified security vulnerabilities are remidiated in accordance with all relevant internal Policies prior to promotion to production.

Last update 2 weeks ago

Do you perform regular Secure Code Reviews?

Our Secure Code Reviews include analyses of vulnerabilities to attacks by performing periodic penetration tests in accordance with all Policies and requirements.

Last update 1 month ago

Do you evaluate applications from a security perspective prior to promotion to production?

If deemed necessary, applications are evaluated from a security perspektive prior to promotion to production.

Last update 1 month ago

QR Planet's Application Change Management Policy

Our Application Change Management Policy and Change Controll Processes has been developed, documented and deployed to ensure all our product's are up to date.

Last update 2 weeks ago

Is sufficient detail contained in Web Server and application logs to support incident investigation?

Next to our Audit Trail Logs, our Web Servers' and applications' logs are sufficiently detailed to support any necessary incident investigation.

Last update 1 month ago

Is an Application Programming Interface (API) available to clients?

Yes. QR Planet offers its clients a comprehensive API. It makes it possible to create QR Codes, access statistics or use many more platform-specific features.

Last update 2 weeks ago

Do you develop mobile applications that access Scoped Systems and Data?

No. QR Planet does not develop mobile apps at all; We only provide a web-based self-service QR Code platform (SaaS).

Last update 2 weeks ago